Skip to main content


Eclipse Community Forums

      Home
Home » Archived » BIRT » securing BIRT url(need suggestion for securing the BIRT url)
securing BIRT url [message #1002863] Sat, 19 January 2013 12:30 Go to next message
Eclipse UserFriend
I have called the report viewer is by passing parameter variables in the URL. For instance I call my report via http://localhost:8080/WebViewerExample/frameset?__report=report1.rptdesign&param1=5000

The user can easily change the param1 value say @param1=10000 and view report for which he/she is unauthorized. I am looking for a way to prevent users from changing parameters and only allow them to come from the server.

I tried using tomcat role-based security but still problem persists at the same role level.

Is it possible that report viewer accepts the encrypted URL from the server and un-encrypt it to show the report content?

Is there any other way to resolve the problem?

Regards,
G
Re: securing BIRT url [message #1004227 is a reply to message #1002863] Tue, 22 January 2013 15:52 Go to previous messageGo to next message
Eclipse UserFriend
You can encrypt parameter data and send that to the report. You would need to encrypt/decrypt the data in the beforeOpen. I've attach a simple example report to show how this can be done.
Re: securing BIRT url [message #1004500 is a reply to message #1004227] Wed, 23 January 2013 06:03 Go to previous message
Eclipse UserFriend
Thanks a lot. It was very useful example. I was able to resolve the problem.
Previous Topic:How to get all Label controls using Designer API?
Next Topic:aggregation doesn't work
Goto Forum:
  


Current Time: Wed Mar 19 16:40:12 EDT 2025

Powered by FUDForum. Page generated in 0.02935 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly