Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Please help with security issue 2

Status
Not open for further replies.
CRuser89

CRuser89

Programmer
May 18, 2005
79
US
Hello everyone,

There is a web application that I run which has crystal reports and is viewed with a crystal reports viewer. When I close out of the application and browser completely, then open a new browser, go to the View menu -> explorer bar -> history, I can still pull up the viewer and see the previous report data. Is there anyway to fix this so that this information is not displayed in the history?

Thanks,
Tracy
 
Sort by date Sort by votes
Hi,Do you require a login to run the report? If not, then anyone who can find that URL can run it..





[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
Hello Turkbear. Thank you for the prompt response. There is only a password required when logging into the application but no password required for the reports themselves. Are there any settings in CR that can be used to prevent this?

Thanks,
Tracy
 
Upvote 0 Downvote
You need to provide a log out in the app.

As with this site, close the app, then paste the url in again, you've been cookied and it will bring you right back without a login.

Closing a web app does NOT sign you out.

-k
 
Upvote 0 Downvote
Hi,
With CE10, If there is no security In CE itself ( that is the 'everyone' group has 'view on demand' permission on the report) then anyone who has the URL will be able to run the report with no authentication needed.
How does the app call the report?




[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
Hello Turkbear,

I'm not too famliar with the backend of the application so I wouldn't be able to tell you how it calls the report.

We're using CR 9.

Thanks,
Tracy
 
Upvote 0 Downvote
Hi,
Actually I mis-spoke [blush] about the ease of running the report without logging in..Even with the settings I stated, the URL would need to include the apsname and apsauthtype parameters to avoid a login screen..

What is the URL that ends up in your History ?
( for security, change the server address before posting it)





[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
Hi,
Ah,I forgot this is CR not CE.[banghead]

Not sure if anything can prevent anyone ( with access to the server and to this URL) form running the report..



[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Halliarse
  • Locked
  • Question
Installing CR for use with VS2012
Replies
1
Views
379
hilfy
hilfy
foru11
  • Locked
  • Question
How to make the vertical lines end with the details
Replies
3
Views
194
pmax9999
pmax9999
RedLlama
  • Locked
  • Question
Will Crystal Report 9.0 for Visual Studio .net work with MICROS?
Replies
1
Views
104
IdoMillet
IdoMillet
Cardstang
  • Locked
  • Question
Subreports with shared variables - I think?
Replies
2
Views
79
Madawc
Madawc
stroyer74
  • Locked
  • Question
Crystal Reports with Visual Studio and SQL Express
Replies
8
Views
236
stroyer74
stroyer74

Part and Inventory Search

Sponsor

Back
Top