Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problem with multiple users running on-demand report simultaneously 1

Status
Not open for further replies.
akuchin

akuchin

IS-IT--Management
May 7, 2002
14
0
0
US
Hi everyone,
I liked Crystal Enterprise until something terrible has happened this morning.
For two weeks I did one-on-one user trainings on how to run reports on-demand - that worked quite well! But today I trained multiple users at the same time. They were supposed to log in to E-portfolio with their users names and passwords. All of a sudden, some of them started seeing reports that were run by other users! A major security issue - picture this, a sales person getting commission rates for another sales person!!!
My e-portfolio is customized, so that the report viewer page passes user id (obtained through Enterprise authent.) to the report as the parameter. As long as it is one user who runs the report everything works fine - that makes me think that there is no problem in the code of csp page, but there is a flaw in Crystal Page Server which confuses user sessions and returns the page to "a wrong guy".
Any ideas, colleagues?
Thanks!!!
 
Sort by date Sort by votes
I hope you have reported this one to Seagate... and "oh my" "eek" "your kidding" come to mind... so glad I haven't put any REALLY sensitive reports on the server so far.

Lisa
 
Upvote 0 Downvote
Yes, I'm working with Crystal on this as I type this message. They put me on hold...
So far they keep on trying to find a problem in my code. As usual for such instances, I'm confident that the code is fine. You know, it works when reports are run standalone. Why isn't the darn thing working for multiple users with simultaneous access? To me, it sounds like a platform problem.
 
Upvote 0 Downvote
I continue to update this thread, as I consider the subject of security problems with reporting software to be generally an important one.
After a couple of days of working with Crystal, I still don't have the solution to my problem - namely, users that view reports get to see each other's instances.
The last recommendation from Crystal was to pass the user parameter to the report through the URL, instead of passing it to report object. However, wouldn't it passing the user id through URL be another security compromise?
 
Upvote 0 Downvote
O.K. we're kinda new to CE8.0 (about a year) but let me take a stab at this one.

I "think" what might be happening is that in your Cache Server settings in the CMC there is a setting for "Minutes Between Refreshes from Database" that is set to a default of 5 Minutes.

Thus, if a 2nd user opens up the same report within 5 minutes of the 1st user running the report, CE does NOT run the report, rather,it delivers the Cached report from the 1st user. (2nd user has to hit the Lightening Bolt to get his Parameters)

Possibly setting this setting to 0 will eliminate this problem
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lavadan
  • Locked
  • Question
Export to excel with drop down data
Replies
2
Views
70
hilfy
hilfy
hpl2001
  • Locked
  • Question
BI4/Crystal 2016 upgrade issue with scheduled reports
Replies
1
Views
62
hilfy
hilfy
allyne
  • Locked
  • Question
Hello, I have a main report and a
Replies
1
Views
59
kray4660
kray4660
allyne
  • Locked
  • Question
RE: Sub Reports with parameters 1
Replies
3
Views
63
allyne
allyne
smmaruf82
  • Locked
  • Question
How to Fixed 4 Column in Crystal Report Crosstab
Replies
1
Views
61
lbass
lbass

Part and Inventory Search

Sponsor

Back
Top