Home » Developer & Programmer » Application Express, ORDS & MOD_PLSQL » Hide schema name,username and password from url (Oracle Apex 4.2, OS-windows7)
Hide schema name,username and password from url [message #658962] Mon, 02 January 2017 06:58 Go to next message
apexmahfuj
Messages: 1
Registered: January 2017
Junior Member
Hi,

I have called a rdf report (10g) from an apex page by passing three parameters and its working.

My report runs without no error.

But what have I found that the whole information such as schema name,user_name,password are showing in the path,

Which is very unsecured for me. And if anyone will try to enter my schema and to steal my information ,it will be possible.

I am using oracle Apex 4.2 version.

OS windows 7.

The report path is as well as given here---

192.168.20.000:8889/reports/rwservlet?destype=cache&desformat=pdf&report=D:\ubill_rep\UBILL_PRINT.rdf&userid=ebc/ebc@ubil l&PMODE='D'&%0A%0ALCUST_NUM=9113040&SBILLCYCLE=201611



So Its crying need for me to hide this all information from the report path.I need the solution as soon as possible.
Re: Hide schema name,username and password from url [message #658966 is a reply to message #658962] Mon, 02 January 2017 14:01 Go to previous message
Littlefoot
Messages: 21225
Registered: June 2005
Location: Croatia, Europe
Senior Member
Account Moderator
Well, I can share some thoughts.

On the IAS, go to reports\conf directory. In there you'll find the CGICMD.DAT file. It is used for the purpose you describe. By defining the "report", you specify report name, connection string, number of parameters (up to 10) you want to pass to the report. A sample line (within the CGICMD.DAT file) looks like this:
calc_spec: server=rep_ias report=calc_spec.rdf userid=rac/nic@ora10g destype=cache desformat=PDF %1 %2
(%1 and %2 represent two parameters report accepts).

When calling the report, I do it through the dynamic action which has two steps: in PL/SQL procedure I create the whole URL, while in JavaScript part I just call the report. PL/SQL part looks like this:
begin
  :P159_URL := 
    'http://my-server/reports/rwservlet?' ||
    'calc_spec'                           ||
    '&par_id_obj='   || :P159_ID_OBJ      ||
    '&par_id_type='  || :P159_ID_TYPE;
end;
(par_id_obj and par_id_type are report's parameters; their values are created by appending Apex page items' values).

JavaScript:
window.open($x('P159_URL').value);

The final result (P159_URL):
http://my-server/reports/rwservlet?calc_spec&par_id_obj=TS&par_id_type=12

As you already have the reports server running, you have the RDF file, know the parameters, I believe you'll be able to make it work. Good luck!
Previous Topic: apex 5.0 to Apex 5.1
Next Topic: Error while executing EXEC DBMS_XDB.SETHTTPPORT
Goto Forum:
  


Current Time: Sat Nov 18 08:04:51 CST 2017

Total time taken to generate the page: 0.01376 seconds