Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED]Encrypting parameters passed to focex

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[SOLVED]Encrypting parameters passed to focex
 Login/Join
 
Member
posted
Hi,
I am newbie to WebFOCUS.. a Java Developer trying to integrate WebFOCUS reporting into our existing application.


We have a requirement to obfuscate the URL parameters when calling a focex from our web application. Does WebFOCUS have the capability to receive an encrypted token ( Using Triple DES or AES.. etc) and decrypt it to get the list of parameters before calling the procedure?

Any help or pointers to where I can get this information is much appreciated.


Thx

Sri

This message has been edited. Last edited by: Srihari,


Version: WebFOCUS 761
OS: Windows
Output formats: HTML, Active Reports, PDF
 
Posts: 4 | Registered: March 22, 2011Report This Post
Expert
posted Hide Post
If your Web application uses a form, and the action is POST, the parameters are not sent in the URL. If this is too simplistic an answer for a Java developer, I apologize.


Francis


Give me code, or give me retirement. In FOCUS since 1991

Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server
 
Posts: 10577 | Location: Toronto, Ontario, Canada | Registered: April 27, 2005Report This Post
Member
posted Hide Post
I should have been clear. No we do not want the parameters to be sent in clear text on a POST as well. We are planning to use POST.


Version: WebFOCUS 761
OS: Windows
Output formats: HTML, Active Reports, PDF
 
Posts: 4 | Registered: March 22, 2011Report This Post
<JG>
posted
Got to ask, Why not post?

Using post as opposed to get remove URL length and hence parameter restrictions
 
Report This Post
Virtuoso
posted Hide Post
What about just using SSL, then you just have to implement WF under HTTPS.

If that is not desirable, then you can develop an WF plugin in Java to decrypt them yourself ... or use a filter. Look in your doc for building a web focus plugin (ibi.webfoc.WFEXTDefault).


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Member
posted Hide Post
Thanks for your suggestions. We are using HTTPS.
I will look into the web focus plugin /filter idea.


Version: WebFOCUS 761
OS: Windows
Output formats: HTML, Active Reports, PDF
 
Posts: 4 | Registered: March 22, 2011Report This Post
Virtuoso
posted Hide Post
OK, I'm lost here. If you are using SSL, then everything is already encrypted on the wire. Why do you want to encrypt it further?


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Member
posted Hide Post
Our information security rules do not allow for data to be sent without encryption from one Web application to another.

It prevents users of the App from accessing data that is not appropriate for their role. They can potentially manipulate the data even if it POST.

Note that the WebFocus reporting application is not a self service tool. We are going to call the reports from an existing Web App.


Version: WebFOCUS 761
OS: Windows
Output formats: HTML, Active Reports, PDF
 
Posts: 4 | Registered: March 22, 2011Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED]Encrypting parameters passed to focex

Copyright © 1996-2020 Information Builders