Cgicmd.dat

Hello everyone,
Would any one tell me how secure is it to put a userid/password entry inside cgicmd.dat
Thanks
Jibu ..

It is secure in the sence that it subject to the same threats that any component has on a web server (or any normal server for that matter). Provided you don't allow access to anybody that shouldn't have access to the server, you should be safe. Ask youself the question is the configuration of you app server/web server safe? If you have put this out as a reporting tool to the internet then you may need to look at getting a firewall if you haven't done this yet.
What you may also need to consider is what access rights the user has you have for this cmdkey. You wouldn't want them to be able to update or insert data, or event to be able to read any table on the database. you want them only to be able to read tables/view/materialised view, they require in order for the report to successfully run.
Cheers
Q

Similar Messages

  • Problem with cgicmd.dat in reports 10g

    Dear Sir/Mam,
    I've configured report serve on solaris 10. When executing reports using web url with key map given in cgicmd.dat file, I'm getting a very strange problem. Whatever parameters m passing to the reports through web url an additional "=" character is appended automatically. I'm giving details of the files below. Please help me out. Thanks in advance.
    Content of rwservlet.properties:-
    SERVER_IN_PROCESS=YES
    RELOAD_KEYMAP=YES
    DIAGNOSTIC=YES
    TRACEOPTS=TRACE_ALL
    TRACEFILE=rwservlet.trc
    TRACEMODE=TRACE_REPLACE
    SERVER=test
    #IMAGEURL=http://<web_server_name>:<port_num>/reports/rwservlet
    KEYMAPFILE=cgicmd.dat
    #DBAUTH=RWDBAUTH.HTM
    #SYSAUTH=RWSYSAUTH.HTM
    #ERRORTEMPLATE=RWERROR.HTM
    #COOKIEEXPIRE=30
    ENCRYPTIONKEY=reports9i
    #DIAGBODYTAGS=<reports_servlet_help_file_title>
    #DIAGHEADTAGS=<reports_servlet_help_file_body_tag>
    #HELPURL=<url_of_customized_help_file_for_reports_servlet>
    #SINGLESIGNON=YES
    OID_ENTITY=%REPORTS_OID_ENTITY%
    #ALLOWHTMLTAGS=NO
    #REPORTS_NETWORK_CONFIG=rwnetwork.conf
    #OIDCON_INIT=10
    #OIDCON_INCREMENT=10
    #OIDCON_TIMEOUT=0
    DEFAULTCHARSET=JA16EUC
    #DEFAULTCHARSET=EUC-JP
    Content of cgicmd.dat:-
    osk47zgenp: report=%1 userid=utimainapp/utimainapp@testdb rundebug=NO desformat=delimited destype=cache mode=bitmap mast_ext=roymask.xls p_start_dt=%2 p_end_dt=%3 p_srvc_id=%4 p_sch_id=%5 p_agnt_cd=%6 p_user_id=%7 p_sesn_id=%8
    Report URL is:-
    http://10.10.100.110:8890/reports/rwservlet?osk47zgenp+rp_os424_mat_recon.rdf+30-JUN-2009+01-JAN-2010++31++shashi+1492544
    Error coming on browser:-
    REP-110: File 'rp_os424_mat_recon.rdf=' not found.
    REP-0110: Unable to open file 'rp_os424_mat_recon.rdf='.
    Content of rwservlet.trc:-
    [2011/1/19 7:37:1:624] (RWClient:doGet) enter...
    [2011/1/19 7:37:1:625] Debug 50103 (RWClient:doGet): QueryString: osk47zgenp+rp_os424_mat_recon.rdf+30-JUN-2009+01-JAN-2010++31+
    shashi1492544
    [2011/1/19 7:37:1:625] Info 50103 (RWClient:processRequest): reload key map file: s_reloadKeyMap: YES
    [2011/1/19 7:37:1:626] Debug 50103 (KeyEntry:replaceParams): report=rp_os424_mat_recon.rdf= userid=utimainapp@testdb rundebug=N
    O desformat=delimited destype=cache mode=bitmap mast_ext=roymask.xls p_start_dt=30-JUN-2009= p_end_dt=01-JAN-2010= p_srvc_id=31=
    p_sch_id=shashi= p_agnt_cd=1492544= p_user_id= p_sesn_id=
    [2011/1/19 7:37:1:626] Debug 50103 (RWClientUtility:isFromPortal): portal: null
    [2011/1/19 7:37:1:626] Debug 50103 (RWClientUtility:isFromPortal): webdbversion: null
    [2011/1/19 7:37:1:627] Info 50103 (RWClientUtility:findServer): Failed to bind to server: test
    [2011/1/19 7:37:1:627] Warning 50103 (RWClient:startInProcessServer): start inprocess server test
    [2011/1/19 7:37:1:657] Debug 50103 (NetworkUtility:getIOR): Found a server and returning the IOR
    [2011/1/19 7:37:1:658] Debug 50103 (ServerManager:getServer): Found server class object
    [2011/1/19 7:37:1:659] Debug 50103 (ServerManager:getServer): ping server successfully
    [2011/1/19 7:37:1:660] Debug 50103 (RWClientUtility:getReportsServer): server: test
    [2011/1/19 7:37:1:660] Debug 50103 (ServerManager:getServer): Found server class object
    [2011/1/19 7:37:1:660] Debug 50103 (ServerManager:getServer): ping server successfully
    [2011/1/19 7:37:1:661] Debug 50103 (AuthManager:getAuthId): server secure: false
    [2011/1/19 7:37:1:663] Debug 50103 (RWClientUtility:getReportsServer): server: test
    [2011/1/19 7:37:1:664] Debug 50103 (RWClientUtility:getReportsServer): server: test
    [2011/1/19 7:37:1:664] Debug 50103 (ServerManager:getServer): Found server class object
    [2011/1/19 7:37:1:665] Debug 50103 (ServerManager:getServer): ping server successfully
    [2011/1/19 7:37:1:666] Debug 50103 (RWClientUtility:isFromPortal): portal: null
    [2011/1/19 7:37:1:666] Debug 50103 (RWClientUtility:isFromPortal): webdbversion: null
    [2011/1/19 7:37:1:667] Debug 50103 (RWClient:runReport): cmdline: p_end_dt=01-JAN-2010= baseUrl=http://10.10.100.110:8890/report
    s/rwservlet/getfile/ userid=utimainapp@testdb USER_AGENT="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)" p_srv
    c_id=31= SERVER_NAME=10.10.100.110 jobname="rp_os424_mat_recon.rdf=" p_sesn_id= mast_ext=roymask.xls getFilestr=/no> imagekey=re
    ports9i p_user_id= REMOTE_ADDR=10.10.105.54 SERVER_PROTOCOL=HTTP/1.1 authid=RWUser p_start_dt=30-JUN-2009= mode=bitmap REMOTE_HO
    ST=10.10.105.54 destype=cache SERVER_PORT=8890 p_sch_id=shashi= report="rp_os424_mat_recon.rdf=" expiredays=0 ACCEPT_LANGUAGE=en
    -us desformat=delimited p_agnt_cd=1492544= SCRIPT_NAME=/rwservlet rundebug=NO
    [2011/1/19 7:37:1:668] Debug 50103 (ServerManager:getServer): Found server class object
    [2011/1/19 7:37:1:669] Debug 50103 (ServerManager:getServer): ping server successfully
    [2011/1/19 7:37:1:669] Debug 50103 (ReportRunner:connectToServer): New Connection request for userid: RWUser to server: test
    [2011/1/19 7:37:1:673] Debug 50103 (ReportRunner:connectToServer): Connection succeeded for user: RWUser to server: test
    [2011/1/19 7:37:1:709] Info 51022 (ReportRunner:Release): Connection object has been released
    [2011/1/19 7:37:1:711] Exception 110 (): File 'rp_os424_mat_recon.rdf=' not found.
    REP-0110: Unable to open file 'rp_os424_mat_recon.rdf='.
    oracle.reports.RWException: IDL:oracle/reports/RWException:1.0
    at oracle.reports.RWExceptionHelper.read(RWExceptionHelper.java:67)
    at oracle.reports.server._ConnectionStub.runJob(_ConnectionStub.java:504)
    at oracle.reports.client.ReportRunner.dispatchReport(ReportRunner.java:288)
    at oracle.reports.rwclient.RWReportRunner.dispatchReport(RWReportRunner.java:86)
    at oracle.reports.rwclient.RWClient.runReport(RWClient.java:1671)
    at oracle.reports.rwclient.RWClient.processRequest(RWClient.java:1525)
    at oracle.reports.rwclient.RWClient.doGet(RWClient.java:366)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
    at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:663)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
    at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:285)
    at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:126)
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
    at java.lang.Thread.run(Thread.java:534)
    [2011/1/19 7:37:1:711] Debug 50103 (RWClientUtility:isFromPortal): portal: null
    [2011/1/19 7:37:1:711] Debug 50103 (RWClientUtility:isFromPortal): webdbversion: null
    [2011/1/19 7:37:1:716] Debug 50103 (RWClientUtility:isStatusFormat): statusformat: null
    [2011/1/19 7:37:1:717] Debug 50103 (RWClientUtility:isStatusFormat): statusformat: null
    [2011/1/19 7:37:1:717] (RWClient:doGet) ...exit

    HI,
    From where can I get access of the Doc id 341188.1. Could u tell me the solution? I'm stuck with it for more than 2 weeks.
    Thanks in advance.
    Regards,
    Shashi Ranjan

  • How to update cgicmd.dat file during runtime?

    I'd like to know how do update cgicmd.dat file during runtime. For example, I run a report one.jsp as
    http://<machine>:<port>/reports/rwservlet?one.jsp&USERID=uid/pwd@db&DESTYPE=cache&mode=bitmap&desformat=htmlcss
    within this report there is a hyperlink to open another report named two.jsp.
    before creating this hyperlink, I'd like to update cgicmd.dat file with passed in userID, pwd, and connection, so two.jsp can use this key for userinfo
    so I can create hyperlink as follows
    srw.set_hyperlink('/reports/rwservlet?report=two.jsp'||
    '&cmdkey=userinfo&DESTYPE=cache&mode=bitmap&desformat=htmlcss');
    Thanks

    To my knowledge the cgicmd.dat is only read when the OC4J starts, so you would have to come up with another solution. Using Single-Sign-On (SSO) is quite a good idea, and it's there for cases like this.
    Regards,
    Martin Malmstrom

  • Cgicmd.dat file usage

    Hi,
    I am generating my reports using the cgicmd.dat file in pdf format and my application is in web-based html.
    I have a report which passes 4 paramters and 2 of it is considered imortant (and dynamic according to user interaction in the begining) and should not be changed by the users. I have found out that by using the parameter forms like %P, %PT and %PC entry in the cgicmd.dat file would means that I cannot use other user parameters in the file entry, and so also in the reverse situation.
    But when I tried to put both of them (%P and %1..%4 for user parameters) together, then call up the reports with the parameter values included in the entry (like http://server/repserver/?repname+value1+v2+v3+v4), I seems to be able to pass the important values to the displayed parameter form while hiding them and asking the users to enter only the other 2 parameters which they may change.
    But then, when I submit the form, it gave me an error:
    ======================================================
    Error: The requested URL was not found, or cannot be served at this time.
    Oracle Reports Server CGI - Error occurred while parsing the Reports Server command line.
    ======================================================
    May anyone assist me on how I can make use of the parameter form and also passing in some values that are dynamic and cannot be changed by the users?
    Thank you in advance for your assistance!

    FYI...
    Our dev and prod are at the same levels. I was able to narrow the problem down further, however. It appears to be a row size problem. If I force a rownum < 1500 in my report's query, then it works fine on dev and prod. If I force a rownum < 2000, then it crashes the engine on prod. The reason it works on dev and not on prod is that the amount of data on dev is far less than prod. Also, I ran the report locally on my PC against the prod database and it gave me a little more info. The report appears to query all of the rows fine, but it gets an ArrayIndexOutOfBounds exception. Since the report comes back with all rows just fine using a DESFORMAT other than DELIMITED, I believe it's a bug with applying the delimiter when formatting the report. The admins say that we are a few patchsets behind, so I'm guessing it is a fixed bug already.
    Thanks.

  • Cgicmd.dat in formsweb.cfg?

    Hi,
    in my formsweb.cfg i have two alias that point to two different database.
    I have only one cgicmd.dat and don't want to change code of forms for invoking reports.
    I can put two different cgicmd.dat for pointing the two database ?
    Thanks.
    Best regards.
    Francesco

    I don't see any issue here. You have two alias in formsweb.cfg, each can point to its own database. And since you want to use the same codes for Forms and Reports that make it even more easier.

  • How to use the cgicmd.dat to specify a directory name for desname

    Hi folks,
    What I'm trying to do is use a command key to specify the directory for a file, specified via desname. Here's an example.
    cgicmd.dat
    custom_reports_dir: /some/directory/custom_reports
    Then I want to reference it via something like this..
    http://server:7777/reports/rwservlet?cmdkey=rpt_connect&destype=file&desname=custom_reports_dir/test.pdf&desformat=pdf
    Where in the above example, I'm trying to use the command key to specify a directory name, and then append a file name to it. It isn't working for me, is this possible to do? I figure since it's not an argument in itsself, it's being interpreted literally, rather than being substituted for the parameter.
    Thanks very much,
    -Adam vonNieda

    That depends on how you actually run your program in the first place. If you just use a batch file you could simply make the path to the javaw.exe relative (e.g. jre\javaw.exe �cp lib\myJar.jar com.MyClass). Or you could look into some third-party software that allows you to create installations packages for Java. I have used Zero G's InstallAnywhere before and they have support for you setting up their executables to use a bundled jre. I am sure all the other java install makers have similar functionality.
    Lance

  • Number of parameters possible in cgicmd.dat?

    Is it possible to have more than 10 parameters in the cgicmd.dat keyfile?
    I have a query that requires a lot of joins and would like to use parameters like
    param1=%1
    param20=%20.
    The problem seems to be that I can't use 2-digit parameters - I run into trouble as soon as I use something like %10. The cgi then substitutes the %1 value and errors on the '0' part.
    any help much appreciated!
    null

    Hi, Alan and John
    The following is written in the cgicmd.dat file ITSELF:
    ; Currently recognized special parameters:
    ; %0 - %9 - 0..9 arguments from original RWCGI60 URL request. Note that %0 refers to the key itself.Remember that you can also create different key maps for the same report (again in cgimap.dat) with some of the parameters already filled.
    Or you can use PARAMFORM=YES and use an HTML FORM to enter the parameters (if you are not calling the reports in BATCH mode).
    The limit of 9 parameters only applies for parameters that you would want to enter in the URL itself.
    Hope this helps,
    Pedro

  • Oracle 11g Fusion Middleware Control, CGICMD.DAT

    Finally, I have Weblogic and Oracle 11g Forms and Reports up and running.  Now, I would like to create a Mapping Key in the CGICMD.DAT file, so that all the login information will not show up in the URL when I run a report.  Can someone please tell me how to do this through the Middleware Control console?  I do know that i have to go through the MBeans System to find "CgicmdConfigMXBean" but it seems like trying to find a needle in a haystack.  Also, is there a specific format when creating a Mapping Key?  would like to include the path, userid information for connection to the reports.
    thank you,
    steven

    Your question belongs in {forum:id=84}
    John

  • Error REP-52005 while using cgicmd.dat file

    Hi,
    Per Oracle manual I added a simple key to cgicmd.dat
    statement: userid=uid/passwd@db report=stmt2.rdf
    Stopped and Started all 10gAS processes which includes Report service via OEM.
    Then I used the following URL in the browser,
    http:\\bigdaddy\reports\rwservlet?statement, I received the following error:
    REP-52005: The specified key statement does not exist in the key map file.
    Then I used one of the Oracle suppled keys such as oraqa. I received the simnlar message that it could not find key oraqa.
    What I did I need to do to fix this ?
    Thanks.
    Suresh

    Hi all,
    Resolved my own problem. You need to add %* as the last item of your key. From the documentation in cgicmd.dat it is not quite clear what it is supposed to do. So when I changed my key to
    statement: userid=uid/passwd@db report=stmt2.rdf %*
    it worked fine. Also, at least in 10gAS Midtier, you do not need to stop and start OC4J, OC4J_BI_forms or the report server as many have you believe.
    I checked if the key has been parsed by using the showmaps URL and clicking on parsed map file entries to see if the key has everything that I wanted it to have without re-starting anything.
    http://bigdaddy/reports/rwservlet/showmaps
    Suresh

  • Manupulation in  cgicmd.dat file...!

    Hi all I'm using Forms/Reports 9.0.1 ..My question is wether is it possible to make a key in cgicmd.dat file for "HOST" i.e.
    mykey:http://local11:8888/reports/rwservlet
    can i make a key like that ...???? If yes, then how to use it ... I have referred the mannual for that it says 'Key must be defined for parameters after the "?" sign in URL '...
    I want to hide the HOST path in URL of web.show_document command..
    Anybody,
    Thanx in advance
    Regards
    Percy

    Thanx for reply ..
    can i make key for whatever written on LEFT of "?"...
    Let me tell u first why i want to do this .. It might be possible that my host server might get changed in future & if it happens i ve to change the host name in every form where i wrote the web.show_document statement ... that could be a big headache...i dont want to do that..... So instead of modifying the statement in every form can i make a KEY in cgicmd.dat so that i will modify only the KEY and subsequent changes will reflect in every form...!!

  • Cgicmd.dat and do what with it???

    What do i need to put into the CGI and what do i need to add to my html string to hide the uname and pword.

    <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by the oracle reports team:
    hello,
    the cgicmd.dat is exactly for this reason.
    if you have in your cgicmd.dat e.g.
    foo: server=myserver1.world report=foo.rdf username=test/test@db
    foo2: server=myserver1.world report=foo2.rdf username=test/test@db
    you the invoke the reports using http://server.com/dev60cgi/rwcgi60.exe?foo
    or http://server.com/dev60cgi/rwcgi60.exe?foo2
    see online documentation for further details. there are multiple other parameters you can add to the CGI-key file
    regards,
    the oracle reports team<HR></BLOCKQUOTE>
    Hey,
    I have everything set up just like above and i keep getting a report server not specified error in the browser. I KNOW the server is specified in the .dat file. Help soon.

  • Cgicmd.dat & Reports server problem

    I have problem using key map file to access Reports from the Web.
    I have Reports Server configure and used with
    rwcgi60 placed at ..Apache\cgi-bin\
    It works fine with full url path (eg ..cgi-bin\rwcgi6?server=repserver+report=my.rdf+destype=cache+desformat=html+usedid=me/me@mydb) bu
    DOESN'T WORK when using keymap.
    I have cgicmd.dat place at ORACLE_HOME\REPORT\cgicmd.dat
    Apache is on another HOME.
    Does anyone can help ?
    null

    hello,
    did you check the server configuration file ? you have to specify where the server would find the cgicmd.dat file.
    regards,
    the oracle reports team

  • CGICMD.DAT and rwservlet

    Hi my friends
    Can I run a report using cgicmd.dat if I have installed only Oracle9i DS?
    I have my key in the cgicmd.dat file, I configured the rwservlet.propierties file and the URL is http://host:port/reports/rwservlet?key and the result is:
    REP-1202: ORACLE logon not specified.
    Because in the cgicmd.dat it´s write the user/pass@db
    Any reply, thank you

    Hi All-
    I am trying to make cmdkey works in oracle10g Reports Services.. In cgicmd.dat file...I had
    user_string: <user_id>/<password>@<dbstring>
    RELOAD_KEYMAP=yes
    When I use the URL
    http://<server_name>:7778/reports/rwservlet?report=myReport.RDF&destype=cache&desformat=html&cmdkey=user_string
    I get an error..
    REP-52005: The specified key user_string does not exist in key map file.
    Please help me how to fix this..I am not sure what I am missing..Thanks..
    Very Respectfully,
    AJ

  • Using the cgicmd.dat file

    In using the 9i report (pdf) format as a portlet
    for portal we are required to supply the OID resource
    under the ssoconn parameter . Since the numbers of users
    are high and there seems to be no way other assigning programatically the resources ..
    am wondering if i could use the cgicmd.dat file
    i have seen examples for thing for jsp's but i dint see one for the rdf( pdf) formats run via rwservlet..
    any pointer examplese would greatly help..
    deepa

    Hi Deepa,
    Take a look at the cgicmd.dat file that comes with the iAS installation
    ORACLE_HOME/reports/conf/
    This file has examples for rwservlet as well as for jsp's. To quote from this file:
    ; Oracle9iAS Reports Services ;
    ; CGICMD.DAT ;
    ; Example CGICMD.DAT Mapping file ;
    ; Syntax:
    ; KEY : VALUE
    ; Where:
    ;     KEY - the first argument of the rwservlet URL request (case insensitive).
    ;     VALUE - command line parameters and/or special parameters.
    ; Keys can be referenced in the following ways:
    ; 1. Parameter on command line to the reports servlet
    ; e.g. http://machine/servlet/rwservlet?KEY
    ; 2. Parameter on command line to a reports jsp
    ; e.g. http://machine/mydir/myreport.jsp?KEY
    ; 3. Within a reports jsp - in the rw:report custom tag
    ; e.g. <rw:report parameters="KEY">
    Also, you could take a look at the Publishing reports manual, Section 8.9
    http://otn.oracle.com/documentation/reports.html
    Navneet.

  • Oracle appsdba wdbsvr.app and cgicmd.dat

    Is it necessary to change the apps password in wdbsvr.app and cgicmd.dat, why should we change the apps password in both file? Is there any difference between both files?

    888747 wrote:
    Is it necessary to change the apps password in wdbsvr.app and cgicmd.dat, why should we change the apps password in both file? Is there any difference between both files?No, this was the case when changing the pass password was supported by the alter user command. Starting from FNDCPASS, you need to run AutoConfig and it will take care of updating those (and other) files.
    Make sure you always have the latest AutoConfig patches applied.
    Thanks,
    Hussein

Maybe you are looking for

  • Selection screen field values

    Hi, I created a selection screen with 2 fields. SELECTION-SCREEN begin of block selscr1 with frame title text-s01. example- PARAMETERS: p_ptr type BU_PARTNER,                          p_typ type BU_TYPE.     SELECTION-SCREEN begin of block selscr2 wi

  • Can I add a wi-fi hotspot to my private network?

    I have an existing private network in our home consisting of cat5 outlets hard-wired to a Cisco 2900 Catalyst switch and wi-fi for the laptop and palm pilot is via a Linksys WRT54GX4 wired to the switch, which in turn is fed via direct bury cat5 from

  • Iphone 4 sudden decrease in audio quality and right earphone not working

    This is really strange --- my iPhone 4 suddenly stopped playing music in the right headphone - in all headphones and even in my car AUX jack. Also, the sound in the left headphone is remarkably muffled and low quality. But if I pull the jack out a ti

  • Macbook Air, Logic board failure, what happens to data?

    Hello, My Macbook Air died today with 90% battery and will no longer turn on. SMC and PRAM reset did nothing, it's completely unresponsive. I think it's a logic board failure. I have a question regarding a repair with Apple; I realise they will repla

  • How to load turbotax on mac air with usb super drive

    i am trying to load turbo tax and cant get it to install.  i have a mac air and a usb superdrive.