Hi everyone,
I liked Crystal Enterprise until something terrible has happened this morning.
For two weeks I did one-on-one user trainings on how to run reports on-demand - that worked quite well! But today I trained multiple users at the same time. They were supposed to log in to E-portfolio with their users names and passwords. All of a sudden, some of them started seeing reports that were run by other users! A major security issue - picture this, a sales person getting commission rates for another sales person!!!
My e-portfolio is customized, so that the report viewer page passes user id (obtained through Enterprise authent.) to the report as the parameter. As long as it is one user who runs the report everything works fine - that makes me think that there is no problem in the code of csp page, but there is a flaw in Crystal Page Server which confuses user sessions and returns the page to "a wrong guy".
Any ideas, colleagues?
Thanks!!!
I liked Crystal Enterprise until something terrible has happened this morning.
For two weeks I did one-on-one user trainings on how to run reports on-demand - that worked quite well! But today I trained multiple users at the same time. They were supposed to log in to E-portfolio with their users names and passwords. All of a sudden, some of them started seeing reports that were run by other users! A major security issue - picture this, a sales person getting commission rates for another sales person!!!
My e-portfolio is customized, so that the report viewer page passes user id (obtained through Enterprise authent.) to the report as the parameter. As long as it is one user who runs the report everything works fine - that makes me think that there is no problem in the code of csp page, but there is a flaw in Crystal Page Server which confuses user sessions and returns the page to "a wrong guy".
Any ideas, colleagues?
Thanks!!!