Hello.
I have a report with parameter called "parm1", that gets a value of
"true" or "false" depanding on another parameter.
When the report is runnig the parm1 value is "false".
How can I protect this parameter from a change by the user?
I mean - the user can run the report and then add to the url "¶m1
= true".
Can I do anything against that?
I tried marking it as "internal" and I thought that now it can get his
value only from inside the report but it didn't worked.
Any ideas?
Thanks.Can you use session variables instead of a querystring?
On Oct 25, 12:54 pm, nicknack <roezo...@.gmail.com> wrote:
> Hello.
> I have a report with parameter called "parm1", that gets a value of
> "true" or "false" depanding on another parameter.
> When the report is runnig the parm1 value is "false".
> How can I protect this parameter from a change by the user?
> I mean - the user can run the report and then add to the url "¶m1
> = true".
> Can I do anything against that?
> I tried marking it as "internal" and I thought that now it can get his
> value only from inside the report but it didn't worked.
> Any ideas?
> Thanks.|||What do you mean by "session variables" ?
I didn't know there are "session variables" in reporting server.
Can you explain please?|||He is integrating his own website with RS. There is no session variables in
RS.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"nicknack" <roezohar@.gmail.com> wrote in message
news:1193337080.315943.85980@.z24g2000prh.googlegroups.com...
> What do you mean by "session variables" ?
> I didn't know there are "session variables" in reporting server.
> Can you explain please?
>|||If the point of this parameter is to use it as a query parameter then you
don't even need it as a report parameter.
Go to your dataset that uses this parameter, click on the ..., parameters
tab. This shows the mapping between query parameters and report parameters.
Change the mapping for this parameter to expression and put in the
expression that evaluates appropriately to true or false depending on the
other parameter. Then in the layout tab menu Reports->Report Parameters
delete the existing report parameter that is now not needed.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"nicknack" <roezohar@.gmail.com> wrote in message
news:1193331267.699414.296020@.k79g2000hse.googlegroups.com...
> Hello.
> I have a report with parameter called "parm1", that gets a value of
> "true" or "false" depanding on another parameter.
> When the report is runnig the parm1 value is "false".
> How can I protect this parameter from a change by the user?
> I mean - the user can run the report and then add to the url "¶m1
> = true".
> Can I do anything against that?
> I tried marking it as "internal" and I thought that now it can get his
> value only from inside the report but it didn't worked.
> Any ideas?
> Thanks.
>|||Hi Bruce,
Thanks for the idea.
Thats the best solution I have received so far.
To bad microsoft didn't thought about a simple way to protect the
parameter instead of beating around the bushes.
I'll try your solution soon.
Thanks again.|||"nicknack" <roezohar@.gmail.com> wrote in message
news:1193398666.577502.193620@.y42g2000hsy.googlegroups.com...
> Hi Bruce,
> Thanks for the idea.
> Thats the best solution I have received so far.
> To bad microsoft didn't thought about a simple way to protect the
> parameter instead of beating around the bushes.
Well, if you don't want the parameters (or even report URLs) to be visible
at all, why don't you use ReportViewer control INSIDE your page instead of
calling the whole page from SSRS?
Regards,
Dmitry|||Hi Dmitry,
Thanks for your replay but its not a solution.
I still can't understand how can it be that there isn't any way to
protected my parameters.
The report viewer control has his own problems and I really don't see
a reason to use a new ASPX page with another .net control instead of
just opening a new window with a report just because of this this bug
(and in my opinion it is a bug).
Amm, Sorry for taking it all on you but I'm really frustrated from
this issue.
On 27 , 15:45, "Dmitry Duginov" <d...@.nospam.nospam> wrote:
> "nicknack" <roezo...@.gmail.com> wrote in message
> news:1193398666.577502.193620@.y42g2000hsy.googlegroups.com...
> > Hi Bruce,
> > Thanks for the idea.
> > Thats the best solution I have received so far.
> > To bad microsoft didn't thought about a simple way to protect the
> > parameter instead of beating around the bushes.
> Well, if you don't want the parameters (or even report URLs) to be visible
> at all, why don't you use ReportViewer control INSIDE your page instead of
> calling the whole page from SSRS?
> Regards,
> Dmitry|||"nicknack" <roezohar@.gmail.com> wrote in message
news:1193518754.655684.319300@.o3g2000hsb.googlegroups.com...
> Hi Dmitry,
> Thanks for your replay but its not a solution.
> I still can't understand how can it be that there isn't any way to
> protected my parameters.
> The report viewer control has his own problems and I really don't see
> a reason to use a new ASPX page with another .net control instead of
> just opening a new window with a report just because of this this bug
> (and in my opinion it is a bug).
> Amm, Sorry for taking it all on you but I'm really frustrated from
> this issue.
Well, the way you are showing your report right now is called "URL
integration" if memory serves me right. That means that your report is 100%
relying on the URL string it is getting from the application, user or
someone/somebody else.
In the browser (surprise?), any URL is visible. No only your user can change
true to false, they can substitute different report name if you don't take
care about security.
It is generally a bad idea to expose any parameters that can be modified by
user, presenting security breach.
You said that the parameter in question (true/false) somehow depends on
another one, right? But your user can tweak that parameter as well, you
know...
Regards,
Dmitry|||On 29 , 16:00, "Dmitry Duginov" <d...@.nospam.nospam> wrote:
> "nicknack" <roezo...@.gmail.com> wrote in message
> news:1193518754.655684.319300@.o3g2000hsb.googlegroups.com...
> > Hi Dmitry,
> > Thanks for your replay but its not a solution.
> > I still can't understand how can it be that there isn't any way to
> > protected my parameters.
> > The report viewer control has his own problems and I really don't see
> > a reason to use a new ASPX page with another .net control instead of
> > just opening a new window with a report just because of this this bug
> > (and in my opinion it is a bug).
> > Amm, Sorry for taking it all on you but I'm really frustrated from
> > this issue.
> Well, the way you are showing your report right now is called "URL
> integration" if memory serves me right. That means that your report is 100%
> relying on the URL string it is getting from the application, user or
> someone/somebody else.
> In the browser (surprise?), any URL is visible. No only your user can change
> true to false, they can substitute different report name if you don't take
> care about security.
> It is generally a bad idea to expose any parameters that can be modified by
> user, presenting security breach.
> You said that the parameter in question (true/false) somehow depends on
> another one, right? But your user can tweak that parameter as well, you
> know...
> Regards,
> Dmitry
Hi again,
Thanks for your replay.
I see the logic behind your answer.
I will try to find another way to use the parameter.
Maybe by try to use a hidden textbox or something like that.
Thanks again.
Roy.|||Hi Bruce,
Just now I tried your solution again and understand what you meant.
It work fine and it is exactly what I wanted.
Thanks a lot,
Roy.
On 25 , 21:00, "Bruce L-C [MVP]" <bruce_lcNOS...@.hotmail.com>
wrote:
> If the point of this parameter is to use it as a query parameter then you
> don't even need it as a report parameter.
> Go to your dataset that uses this parameter, click on the ..., parameters
> tab. This shows the mapping between query parameters and report parameters.
> Change the mapping for this parameter to expression and put in the
> expression that evaluates appropriately to true or false depending on the
> other parameter. Then in the layout tab menu Reports->Report Parameters
> delete the existing report parameter that is now not needed.
> --
> Bruce Loehle-Conger
> MVP SQL Server Reporting Services
> "nicknack" <roezo...@.gmail.com> wrote in message
> news:1193331267.699414.296020@.k79g2000hse.googlegroups.com...
> > Hello.
> > I have a report with parameter called "parm1", that gets a value of
> > "true" or "false" depanding on another parameter.
> > When the report is runnig the parm1 value is "false".
> > How can I protect this parameter from a change by the user?
> > I mean - the user can run the report and then add to the url "¶m1
> > = true".
> > Can I do anything against that?
> > I tried marking it as "internal" and I thought that now it can get his
> > value only from inside the report but it didn't worked.
> > Any ideas?
> > Thanks.|||Glad it worked for you.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"nicknack" <roezohar@.gmail.com> wrote in message
news:1194248091.562106.284270@.k79g2000hse.googlegroups.com...
> Hi Bruce,
> Just now I tried your solution again and understand what you meant.
> It work fine and it is exactly what I wanted.
> Thanks a lot,
> Roy.
> On 25 , 21:00, "Bruce L-C [MVP]" <bruce_lcNOS...@.hotmail.com>
> wrote:
>> If the point of this parameter is to use it as a query parameter then you
>> don't even need it as a report parameter.
>> Go to your dataset that uses this parameter, click on the ..., parameters
>> tab. This shows the mapping between query parameters and report
>> parameters.
>> Change the mapping for this parameter to expression and put in the
>> expression that evaluates appropriately to true or false depending on the
>> other parameter. Then in the layout tab menu Reports->Report Parameters
>> delete the existing report parameter that is now not needed.
>> --
>> Bruce Loehle-Conger
>> MVP SQL Server Reporting Services
>> "nicknack" <roezo...@.gmail.com> wrote in message
>> news:1193331267.699414.296020@.k79g2000hse.googlegroups.com...
>> > Hello.
>> > I have a report with parameter called "parm1", that gets a value of
>> > "true" or "false" depanding on another parameter.
>> > When the report is runnig the parm1 value is "false".
>> > How can I protect this parameter from a change by the user?
>> > I mean - the user can run the report and then add to the url "¶m1
>> > = true".
>> > Can I do anything against that?
>> > I tried marking it as "internal" and I thought that now it can get his
>> > value only from inside the report but it didn't worked.
>> > Any ideas?
>> > Thanks.
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment