URL reporting - Hide username and password
Hi all,
I am trying to display a report when a link is clicked by a user,I know this can be achieved by URL reporting.But any one who trys view the source of the file will be able to get the login information(aps-username/aps-password) from the file or they can view this info in the address bar.Is there any way of hiding this information?
Thanks
Manoj
Edited by: Manoj Thomas on Oct 9, 2009 4:23 PM
Well, you can hide logon credentials by passing the logon token to the APSTOKEN command in the URL.The other way is to use OpenDocument to view a report.
In both the cases you need to get the logon token programatically and then pass it on to the paramater. This way you can hide the credentials.
I assume that you have already gone through the following PDF:
[http://help.sap.com/businessobject/product_guides/boexir31/en/xi3-1_url_reporting_opendocument_en.pdf]
I have used it in my project and it works.
Similar Messages
-
Hide username and password while calling Oracle reports from forms11g
Is there any other methods to hide the username and password other than define keymapping in CGICMD.DAT file in oracle forms 11g.
Hope fully following code of procedure will eliminate the username and password.
PROCEDURE RUN_REPORT_OBJECT_PROC(
report_format VARCHAR2,
report_destype_name NUMBER,
report_file_name VARCHAR2,
report_otherparam VARCHAR2) IS
report_message VARCHAR2(1000):='';
rep_status VARCHAR2(1000):='';
vjob_id VARCHAR2(4000):='';
hidden_action VARCHAR2(7000):='';
v_report_other VARCHAR2(4000):='';
i number;
c char;
c_old char;
c_new char;
report_id REPORT_OBJECT;
report_server_name VARCHAR2(100); --Report Server Name
report_dest VARCHAR2(100); --Report Destination
reports_servlet VARCHAR2(100); --Report URL
report_path varchar2(100);
v_port varchar2(10);
BEGIN
reports_servlet := 'http://localhost:7778'/reports/rwservlet';
report_path := report_dest||report_file_name;
report_id:= find_report_object('rep_obj');
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_COMM_MODE,SYNCHRONOUS);
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_FILENAME,report_path);
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_SERVER,report_server_name);
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_DESTYPE,report_destype_name);
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_DESFORMAT,report_format);
hidden_action := hidden_action ||'&report=' ||GET_REPORT_OBJECT_PROPERTY(report_id,REPORT_FILENAME);
hidden_action := hidden_action ||'&destype=' ||GET_REPORT_OBJECT_PROPERTY(report_id,REPORT_DESTYPE);
hidden_action := hidden_action ||'&desformat='||GET_REPORT_OBJECT_PROPERTY(report_id,REPORT_DESFORMAT);
hidden_action := hidden_action ||'&userid=' ||GET_APPLICATION_PROPERTY(username)||'/'||
GET_APPLICATION_PROPERTY(password)||'@'||
GET_APPLICATION_PROPERTY(connect_string);
c_old :='@';
FOR i IN 1..LENGTH(report_otherparam) LOOP
c_new:= substr(report_otherparam,i,1);
IF (c_new =' ') THEN
c:='&';
ELSE
c:= c_new;
END IF;
-- eliminate multiple blanks
IF (c_old =' ' and c_new = ' ') THEN
null;
ELSE
v_report_other := v_report_other||c;
END IF;
-- save current value as old value
c_old := c_new;
END LOOP;
hidden_action := hidden_action ||'&'||v_report_other;
hidden_action := reports_servlet||'?_server='||report_server_name||hidden_action;
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_OTHER,'pfaction='||hidden_action||' '||report_otherparam);
report_message := run_report_object(report_id);
rep_status := report_object_status(report_message);
IF rep_status='FINISHED' THEN
vjob_id :=substr(report_message,length(report_server_name)+2,length(report_message));
WEB.SHOW_DOCUMENT(reports_servlet||'/getjobid'||vjob_id||'?server='||report_server_name,' _blank');
ELSE
null;
END IF;
END; -
Dear all ,
I am using 10g Application server .
How can i hide username , password and connect strig while running report on web by web show document ?one alternative solution for hiding username and password is
u can use frames.
all u hav to do is the connection code should be written in the frame.
cal this frame from where u hav to cal the report. -
Reporting Services username and password prompting
We have several branch office locations and one reporting services server. All of the branch office locations can access the reporting services server, but we have one location for the passed week, each time they make a connection to this server, it prompts
them for a username and password and will not allow them to connect even if the correct username and password is correct.
I have tried adding the server to the IE intranet/trusted site list. Set IE security on all zones to automatically logon with current username and password.
What is strange is that this is the only branch office site that is having this issue. It is almost like kerberos is broken for this site location only.
DOes anyone has any suggestions what could be causing this problem for all computers in this one location. Nothing has changed on their local servers nor have we pushed any updates to the machines.Hi bubba1984,
As per my understanding, I think this issue is caused by Kerberos authentication. Kerberos is an authentication protocol that allows clients that create authentication tokens to associate a specific destination to that token. In the failure case, there is
a mismatch between the destination specified in the token and the report server process configuration. Due to this mismatch, the underlying Kerberos authentication scheme supported by Windows prevents report server from authenticating the user.
To fix this issue, please try to remove RSWindowsNegotiate and ensure RSWindowsNTLM is specified in the rsreportserver.config file. For more details, please take the following article as reference:
http://blogs.msdn.com/b/lukaszp/archive/2008/03/26/solving-the-reporting-services-login-issue-in-the-february-ctp-of-sql-server-2008.aspx
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
How to Hide username and password in command line using maxl
Hi,
How to encript my user name and password in command line prompt when I am login to Essbase server using batch file:
*1_Here is my batch file:*
Name of the bat file AV_Assig_Var1.bat
rem This batch file defines the following variables:
set $1 = 'admin';
set $2 = 'password';
essmsh AV_Asig1.mxl admin password
===========================
*2_Here is my maxl file:*
Name of the bat file AV_Asig1.mxl
/* Create a process log */
spool on to 'D:\lova\spool_log.txt';
/* login (using variables from a batch file */
login $1 $2 on 10.42.100.229;
/* create application and database */
create application AV_Asig1;
create database AV_Asig1.AV_DB;
/* End process log */
spool off;
exit;
*3_Command line prompt*
D:\Ess>AV_Assig_Var1.bat
D:\Ess>rem This batch file defines the following variables:
D:\Ess>rem 1: username
D:\Ess>rem 2: password
D:\Ess>essmsh AV_Asig1.mxl admin password
Essbase MaxL Shell - Release 9.3.1 (ESB9.3.1.0.0A181)
Copyright (c) 2000, 2007, Oracle and/or its affiliates.
All rights reserved.
MAXL> login admin password on *10.46.100.222*; /* I want to hide this information */
OK/INFO - 1051034 - Logging in user [admin].
OK/INFO - 1051035 - Last login on Monday, June 14, 2010 12:44:03 PM.
OK/INFO - 1241001 - Logged in to Essbase.
MAXL> create application AV_Asig1;
OK/INFO - 1051061 - Application AV_Asig1 loaded - connection established.
OK/INFO - 1054027 - Application [AV_Asig1] started with process id [6792].
OK/INFO - 1056010 - Application AV_Asig1 created.
MAXL> create database AV_Asig1.AV_DB;
OK/INFO - 1054014 - Database AV_DB loaded.
OK/INFO - 1056020 - Database AV_Asig1.AV_DB created.
MaxL Shell completed
D:\Ess>
I am looking forward to inputs from anybody.
Thanks & Regards,
Deepthi.Beyond that thread, I gave a presentation at Kaleidoscope last year around MaxL that goes into quite a bit of depth re encryption and a whole bunch of other MaxL goodies.
To download it, go to www.odtug.com, click on Tech Resources, Essbase/Hyperion, and use the search box for MaxL.
There are two presentations, one by Tracy McMullen and the other by me. Tracy's is a good introduction to the various command groups; my presentation focused on a few areas in depth, one of which was encryption. The title is "Master Essbase with MaxL Automation".
You will need to join ODTUG to download the presentation, but there is a junior membership that is free.
Regards,
Cameron Lackpour
P.S. ODTUG Kaleidoscope 2010 is coming up in two weeks, starting on 27 June 2010 -- for those of you still on the fence, it is an awesome conference and I urge you all to come. The content this year will be fantastic. -
Opening an URL that needs username and password
Hello
I need to open an URL that needs an username and a password. I can open a normal URL like this:
URL direccion = new URL("http://169.254.30.3:554/modules/admin.htm");
I tried:
URL direccion = new URL("http://username:[email protected]:554/modules/admin.htm");
but it does not work. (If I write this in my browser it works)
Can you help me please?
ThanksLook here:
http://java.sun.com/j2se/1.4.2/docs/api/java/net/Authenticator.html -
Connecting to an URL with a username and password?
hey, I was trying to connect to a URL using:
URL url = new URL("http://%20:[email protected]/Status.htm");
but it gets the 401 access denied page...
Does anyone know how to get it to login correctly?See http://www.javaworld.com/javatips/jw-javatip47.html
-
Hiding usernames and passwords
We are attempting to access a form through a URL link from a
web page. The URL contains the username and password, but we
would like to hide this. We are on Forms 6i patchset 8. Reports
has a mechanism of hiding usernames in the url by altering the
config file. Is there any mechanism in forms to achieve this
result. Any help is appreciated.
Thanks.Can you check out the patch 8 white paper on the forms page. It has a section about passowrd hiding there.
I think that will help.
Regards
Grant Ronald
Forms Product Management -
Hiding Username and Password in Web Report URL
Hi there,
I am calling a report from my webforms using the WEB.SHOW_DOCUMENT built-in. The problem is that when using this, when the report or the parameter form is being displayed on the browser, the username and password is also displayed on the browser's URL bar with other report parameters.
Is there any way to surpress or hide the username and password? Please help as this raises some security issues.First off make sure your form
logs on using an ON-LOGON trigger
using the logon built in. Inside
a form level ON-LOGON trigger put the
following code (i.e.)
logon('username','password@database');
The password and database are concatenated together.
Then you can call reports without
puting the username and password in the
URL. Here are two examples.
web.show_document (i.e.)
web.show_document('URL_HERE','_blank');
or via a run_product (i.e)
Run_Product(REPORTS,'admin_req_snapshot',SYNCHRONOUS, RUNTIME, FILESYSTEM,plist,NULL);
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by hkpang ([email protected]):
Hi there,
I am calling a report from my webforms using the WEB.SHOW_DOCUMENT built-in. The problem is that when using this, when the report or the parameter form is being displayed on the browser, the username and password is also displayed on the browser's URL bar with other report parameters.
Is there any way to surpress or hide the username and password? Please help as this raises some security issues. <HR></BLOCKQUOTE>
null -
Prompting for UserName and Password when I click Report Server Web Service URLs in ssrs 2008 R2
Hi All,
I am using SQL Server Reporting services 2008 R2 . When I tried to open report server webservice URL in SSRS 2008 R2 It is prompting username and password. I tried to resolve the issue by deleting the <!--
<RSWindowsNegotiate/> --> line in rsreportserver.config but still I am getting the same prompt
and i tried by putting the server URL in trusted sites in IE also still no luck. I referred the below link 'http://blogs.msdn.com/b/lukaszp/archive/2008/03/26/solving-the-reporting-services-login-issue-in-the-february-ctp-of-sql-server-2008.aspx'
I am getting the same error.
Can anyone help me out to resolve this issue easily.
Thanks
DathyHi Dathy,
Generally, this is a very common issue in Reporting Services 2008 R2, the blog you post is a good blog that summary the common solutions. If it doesn’t help, could you please try the following:
Open Internet Explorer, go to Tools and click on Internet Options.
Under the Security tab, click on Trusted sites and click the Sites button and Add Report Manager/Report Server URL to the trusted sites.
Then click Custom Level, and check the option Automatic logon with current user name and password.
Repeat step 3 and step 4 for Local Intranet.
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
Run Crystal Report from URL includes username and password
Hello,
I've downloaded CR 2008, and CR Server 2008 demo's.
I'm trying to use a feature I've used with CR10 enterprise, and XI report server, where I can run a report direct from the URL.
Something like:
HTTP://scada-ho/crystal/enterprise/admin/en/viewrpt.cwr?id=381&init=actx&apsuser=administrator&apspassword=&apsauthtype=secenterprise
or
http://192.168.72.98/businessobjects/enterprise115/infoview/main.aspx?id=1024&init=actx&apssystem=hobprim&apsuser=visy&apspassword=Fillers3&apsauthtype=secenterprise
I've noticed that there were subtle syntax differences between CR10 Enterprise and XI report server in the past, and expect that similar differences exist with CR server 2008.
Could someone show me the syntax for CR Server 2008 to run a report from a URL, and pass the required username and password, without having to go through the infoview logon screenTim,
Thanks for the reply. I admit I did see that thread when I was looking for a solution.
My hesitance is that for a non programmer it looks very difficult, and a lot of settings.
I liked the URL reporting because of its simplicity - one line.
I know that it advertises the username and password, but for our requirement (intranet reporting, LAN separated from IT), its not a big risk.
My further investigations indicate that for CRS 2008 something like the following should work:
http://192.168.207.156/CrystalReports/view.aspx?id=1102&apsuser=administrator&apspassword=admin1&apsauthtype=secEnterprise&init=java
However I get
404 - File or Directory not found.
I'm running on Windows7 with IIS7, so I think it must be an IIS configuration issue
Any Ideas? -
When using a URL it always asks for a username and password
I’ve just started using the Windows version of OracleXE.exe with Apex3.1 and I would like to create a menu web-page holding a list of URL’s that can be configured by inserting records into a simple table. I am having problems with multiple authentication user-name and password. I can read the table and create a URL within a web-page swapping the text “#SESSION#” with the &Session.
But each time I open a new application within the same schema I get the login page (when that user has already connected with their password).
Test data:
create table x_url_table(url varchar2(256),display_text varchar2(32));
insert into x_url_table values ('http://127.0.0.1:8080/apex/f?p=106:1:#SESSION#:::','query country details');
insert into x_url_table values ('http://127.0.0.1:8080/apex/f?p=108:2:#SESSION#:::','simple select as a test ');
From the Application Builder page I choose:
"Create" -> "Create Application" -> “add Page" [I entered the table name x_url_table[and implementation set to classic]] -> “Next” [no tabs] -> “Next” [no for shared components] -> “Next” [Application Express for Authentication] -> “Next” -> “Create”
When I press the run-page-icon it displays the URL like below(if I click-it it does not open webpage):
http://127.0.0.1:8080/apex/f?p=106:1:#SESSION#::: query country details
http://127.0.0.1:8080/apex/f?p=108:2:#SESSION#::: simple
I then tried “edit-page”-> “edit-region” -> “region source” I swapped the SQL for this:
SELECT
replace(a.url ,'#SESSION#','&SESSION.') as url
, a.display_text
FROM x_url_table a
Plus I then added a link “edit-page”-> “edit-region”-> clicked the tab “Report Attributes”->clicked the “add column link”
Scroll down to “column link”
“Link Text” I set to #DISPLAY_TEXT#
“Target” choose the L.O.V option “URL”
“URL” I set to #URL#
Push apply button
Press the run-page icon it displays everything correctly (see below) but when I click-the-URL it asks me again for the login screen with a user/password request.
Can this be bypassed?
As, I am already connected to the schema using the same username and password!
How do I allow my current session to automatically log me in to a different page?
link Url Display Text
query country details http://127.0.0.1:8080/apex/f?p=106:1:1331572188999480::: query country details
simple select as a test http://127.0.0.1:8080/apex/f?p=108:2:1331572188999480::: simple select as a test
so what do I need to do login just once!Steve,
See this thread:
Application Link
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.opal-consulting.de/training
http://htmldb.oracle.com/pls/otn/f?p=31517:1
------------------------------------------------------------------- -
Web reports prompts me to input username and password in bw
Hi all.
When I access web reports from bw.
It will open a IE, then go to one url ( which is located in ITS ), and IE prompts me to input a valid username and password.
Its very strange, because I have already logged on that BW.
Is it possible to avoid this prompt ?Gu,
Can you give us the URLs that you are using , is it that the URLs are different ?
The URL is usually
http://<yourserver>:port/sap......
assuming that the URLs are
URL 1 ( which is currently opening in IE )
http://<yourserver1>:port/sap......
URL 2 ( for which the login is being asked for)
http://<yourserver2>:port/sap......
if yourserver1 and yourserver2 are different , then a logon is required.
Hope it helps..
Arun
Assign points if useful -
Possible to Pass Username and Password to ADF URL?
Hi,
We are building a cache flow for pre-caching some pages after a server bounce. Ideally, rather than go through the sign on page, we could have direct urls for our program to execute for our test user that would include username and password. As we are not concerned with security in this environment, we are ok with having such a solution for this particular use case.
Are there delivered parameters with all adf apps that would allow us to construct such a URL?
Thanks!I know you aren't worried about security, but it's worth understanding that HTTPS will hide the URL parameters:
http://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
As noted in the article the parameters can still "leak", but HTTPS provides you a mechanism to at least hide the parameters from network sniffers which are incredibly easy to install on the network (and remembering most security breaches come from within an organisation, not outside).
CM. -
Dynamically pass the username and password to report server to invoke reports
Hi
The scenario is as follows:-
9iAS is installed under - Windows 2000 (web server and report Server 6i) and everything works fine.
We have developed a page using pl/sql cartrige (oracle 8i), from that a report is invoked with some parameters. However, the userid and password is stored under keymap file (cgicmd.dat).
Is there anyway to pass dynamically the username and password to report server in order to invoke the report.?
Can any one advise?
nullCheck out
http://serverfault.com/questions/371907/can-you-pass-user-pass-for-http-basic-authentication-in-url-parameters
Kind regards,
Margriet Bruggeman
Lois & Clark IT Services
web site: http://www.loisandclark.eu
blog: http://www.sharepointdragons.com
Maybe you are looking for
-
The world clock on my IPOD touch is not telling the correct time
My IPOD touch world clock is not displaying the correct time and the edit feature is not working to change the time
-
Auto provisioning for AD is not working in oim11gr2
Hi All, I have current environment as OIM 11.1.2.0.7 and AD connector MSFT_AD_Base_11.1.1.5.0 with patch applied 14190610 and Connector_Server_111200 I configured an auto provisioning to AD I created an access policy based on a role MSAD Users. i am
-
How do I remove the Adobe Premiere Elements Trail Version Sign from my video?
I'm making a video using the Adobe Premiere Elements, but they have a trail version logo across the screen so I cannot fully make a video without that showing. Is there any possible way that I can remove it? Thanks!
-
Encountered Error code 15 - installation failed (note refers to camera raw R 8.8.0 has changed)
I am running a Mac with OS X 10.7.5. I do have multiple versions of Adobe applications in my applications folder (CS5, CS6,CC, CC 2014). This error occurred when downloading Bridge CC. Which version(s) of Adobe products is/are likely to be in conf
-
How can I get reader 11 to read out loud?