OraFAQ Forum: Application Express, ORDS & MOD_PLSQL » Hide schema name,username and password from url

Home » Developer & Programmer » Application Express, ORDS & MOD_PLSQL » Hide schema name,username and password from url (Oracle Apex 4.2, OS-windows7)

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Hide schema name,username and password from url [message #658962]

Mon, 02 January 2017 06:58

apexmahfuj
Messages: 1
Registered: January 2017

Junior Member

Hi,

I have called a rdf report (10g) from an apex page by passing three parameters and its working.

My report runs without no error.

But what have I found that the whole information such as schema name,user_name,password are showing in the path,

Which is very unsecured for me. And if anyone will try to enter my schema and to steal my information ,it will be possible.

I am using oracle Apex 4.2 version.

OS windows 7.

The report path is as well as given here---

192.168.20.000:8889/reports/rwservlet?destype=cache&desformat=pdf&report=D:\ubill_rep\UBILL_PRINT.rdf&userid=ebc/ebc@ubil l&PMODE='D'&%0A%0ALCUST_NUM=9113040&SBILLCYCLE=201611

So Its crying need for me to hide this all information from the report path.I need the solution as soon as possible.

Report message to a moderator

Re: Hide schema name,username and password from url [message #658966 is a reply to message #658962]

Mon, 02 January 2017 14:01

Littlefoot
Messages: 21823
Registered: June 2005
Location: Croatia, Europe

Senior Member
Account Moderator

Well, I can share some thoughts.

On the IAS, go to reports\conf directory. In there you'll find the CGICMD.DAT file. It is used for the purpose you describe. By defining the "report", you specify report name, connection string, number of parameters (up to 10) you want to pass to the report. A sample line (within the CGICMD.DAT file) looks like this:

calc_spec: server=rep_ias report=calc_spec.rdf userid=rac/nic@ora10g destype=cache desformat=PDF %1 %2

(%1 and %2 represent two parameters report accepts).

When calling the report, I do it through the dynamic action which has two steps: in PL/SQL procedure I create the whole URL, while in JavaScript part I just call the report. PL/SQL part looks like this:

begin
  :P159_URL := 
    'http://my-server/reports/rwservlet?' ||
    'calc_spec'                           ||
    '&par_id_obj='   || :P159_ID_OBJ      ||
    '&par_id_type='  || :P159_ID_TYPE;
end;

(par_id_obj and par_id_type are report's parameters; their values are created by appending Apex page items' values).

JavaScript:

window.open($x('P159_URL').value);

The final result (P159_URL):

http://my-server/reports/rwservlet?calc_spec&par_id_obj=TS&par_id_type=12

As you already have the reports server running, you have the RDF file, know the parameters, I believe you'll be able to make it work. Good luck!

Report message to a moderator

Previous Topic:	apex 5.0 to Apex 5.1
Next Topic:	oops internet explorer could not connect to app_server:7778

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed Dec 04 13:10:04 CST 2024