| any Report GURU. [message #90057] |
Mon, 18 October 2004 21:51  |
Ali-imran
Messages: 1
Registered: October 2004
|
Junior Member |
|
|
Dear All :
MY application build in Forms reports 6i deployed on OAS 1.0.2.2.2a on windwos 2000 server .
As reports are opened on web with the job ID assign by the reports server .As one report ran successfully with job id eg.100 , when we run other reports the server will assign new job id IE 101 but if we again give previous job id(100) at the adress bar (URL bar) it shows previous report also. This is a big Security problem.
ie: one user can c other users reports also by changing the report id in the address bar
Tell me how to tackle/RESOLVE this issue by giving some sutible examples
With Best Regards :Ali-Imran
|
|
|
|
| Re: any Report GURU. [message #90060 is a reply to message #90057] |
Tue, 19 October 2004 22:22  |
Himanshu
Messages: 457
Registered: December 2001
|
Senior Member |
|
|
Hi,
This is a Bug.
The reports server has it's built in security feature that allows you to create ACLs for report access. In 6i this feature is leveraging oracle portal.
In 9i there is a concept of a pluggable security that allows users to implement their own ACL concept.
Please refer to tutorial on OTN which explains how to create such a security module.
Another way would be to use run_report_object and have the reports store the output into a directory which is mapped onto a virtual directory in your web server.
This is done by setting DESTYPE=FILE and DESNAME=a.pdf when using run_report_object. Then using web.show_document, you can access this pdf file. This way no user would be able to find out the file name. There is no jobid involved here.
HTH
Regards
Himanshu
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
