Eclipse Community Forums: BIRT » securing BIRT url

Help

Home

Home » Archived » BIRT » securing BIRT url(need suggestion for securing the BIRT url)

Show: Today's Messages :: Show Polls :: Message Navigator

securing BIRT url [message #1002863]

Sat, 19 January 2013 17:30

g g

Messages: 17
Registered: August 2012

Junior Member

I have called the report viewer is by passing parameter variables in the URL. For instance I call my report via http://localhost:8080/WebViewerExample/frameset?__report=report1.rptdesign&param1=5000

The user can easily change the param1 value say @param1=10000 and view report for which he/she is unauthorized. I am looking for a way to prevent users from changing parameters and only allow them to come from the server.

I tried using tomcat role-based security but still problem persists at the same role level.

Is it possible that report viewer accepts the encrypted URL from the server and un-encrypt it to show the report content?

Is there any other way to resolve the problem?

Regards,
G

Report message to a moderator

Re: securing BIRT url [message #1004227 is a reply to message #1002863]

Tue, 22 January 2013 20:52

Kristopher Clark

Messages: 130
Registered: January 2013

Senior Member

You can encrypt parameter data and send that to the report. You would need to encrypt/decrypt the data in the beforeOpen. I've attach a simple example report to show how this can be done.