I was going to setup jasper server beside aware on my aws server. When I pass a URL to the jasper server (with a username and password) from aware I am concerned about displaying the TenantID in the URL. The ID could be changed in the browser and could show data from another tenant if the user wanted to try, any someone probable will.
I was thinking of generating a unique long string like those used in API-Keys and getting the jasper SQL to find the TenantID.
Is there a safer way to pass the ID to Jasper from aware?
Jasper Server URL and TenantID
Jasper Server URL and TenantID
Regards, James
AwareIM 7.1 on AWS - Beware I'm a AwareIM noob. Anything I help you with might make the hole your in deeper.
AwareIM 7.1 on AWS - Beware I'm a AwareIM noob. Anything I help you with might make the hole your in deeper.
Re: Jasper Server URL and TenantID
Just pulling this out of my "you know where..."
BUT, what about if you had a BO with 2 fields. ID and Tennant #.
Prior to calling jasper you add a record to this table with the T#, then retrieve the ID. Pass this ID to Jasper, it can look up the T# and then, you delete this record. So even if someone was "sniffing" and saw the ID, it would be useless to them.
(of course, instead of ID, you can have a random # or ???)
Bruce
BUT, what about if you had a BO with 2 fields. ID and Tennant #.
Prior to calling jasper you add a record to this table with the T#, then retrieve the ID. Pass this ID to Jasper, it can look up the T# and then, you delete this record. So even if someone was "sniffing" and saw the ID, it would be useless to them.
(of course, instead of ID, you can have a random # or ???)
Bruce