Hello FS Team! We created a reporting web api based on Crystal Reports so that we can execute the needed reports by the following link: http://host:port/reports/RepViewerParam?rptName=RepExample.rpt&conStr=jdbc:oracle:thin:@blablabla&userRpt=demo&pwdRpt=demo&p_Datebegin=10.05.2013&p_Dateend=12.07.2013
As you can see the db user and password are in the address line in the current jsp implementation. So the question is the following: can we hide (wrap) this using FS tools or we will need to handle it on the JSP side? The issue is not major as reporting user locates in separate scheme in another db using synonyms based on views and db links but it is not "right" way to show db creds in the brouser address line so I was thinking about something like a simple frame.
Probably there are some other options.
Thanks in advance for the answer.
asked 16 Jul '13, 11:09
You are correct that this is not the best way to create a URL. Parameters like these are best kept away from the URL String.
The solution for this has not much to do with Formspider but PL/SQL. You can create a randomly generated string (a "token" if you will), store this token in a table (along with any value you want in a separate column in the table) and send this token in the URL.
Next, when this URL comes back to the server, you can read the token and validate it against the table. Read any information associated with the token and act accordingly.
You can do the same with Java as well. The algorithm does not change.
Hope this helps.
answered 17 Jul '13, 11:53