|securing BIRT url [message #1002863]
||Sat, 19 January 2013 12:30
| g g
Registered: August 2012
I have called the report viewer is by passing parameter variables in the URL. For instance I call my report via http://localhost:8080/WebViewerExample/frameset?__report=report1.rptdesign¶m1=5000|
The user can easily change the param1 value say @param1=10000 and view report for which he/she is unauthorized. I am looking for a way to prevent users from changing parameters and only allow them to come from the server.
I tried using tomcat role-based security but still problem persists at the same role level.
Is it possible that report viewer accepts the encrypted URL from the server and un-encrypt it to show the report content?
Is there any other way to resolve the problem?
Powered by FUDForum
. Page generated in 0.01469 seconds