Guest_imported
New member
- Jan 1, 1970
- 0
Hi,
I am calling viewreport.cwr from my asp page. I am able to view the source code of the viewreport.cwr by right clicking on the report output window, and see the user ID, password and all the selection criteria passed to the report. One of the main requirement from the users is, they want this report part to be more secured. Does anybody knows how to restrict the users from viewing the parameter information. I am herewith posting my source code.
Myreport.csp
<%@ Language=VBScript %>
<script language=Javascript>
function init()
{
var doc = window.opener.document.frmReportSearch ;
window.redirForm.id.value= doc.HidReport_ID.value;
window.redirForm.apstoken.value = doc.HidToken.value ;
window.redirForm.SF.value= doc.SF.value ;
window.redirForm.elements("user0"
.value= doc.HidDBUser.value ;
window.redirForm.elements("password0".value= doc.HidDBPassword.value;
window.redirForm.elements("promptex-TITLE".value = '"' + doc.HidFacility_Name.value + ', ' + doc.HidPeriod.value ; doc.HidFooter6.value ;
document.forms["redirForm"].submit();
}
</script>
<body onload=init()>
<Form form name="redirForm" method="POST" Action="viewrpt.cwr">
<Input Type=Hidden Name="user0" Value="">
<Input Type=Hidden Name="password0" Value="">
<Input Type=Hidden Name="id" Value="">
<Input Type=Hidden Name="apstoken" Value="">
<Input Type=Hidden Name="init" Value=":connect">
<Input Type=Hidden Name="PromptOnRefresh" Value="0">
<Input Type=Hidden Name="promptex-TITLE" Value="">
<Input Type=Hidden Name="promptex-Footer1" Value="">
<Input Type=Hidden Name="promptex-Footer2" Value="">
<Input Type=Hidden Name="promptex-Footer3" Value="">
<Input Type=Hidden Name="promptex-Footer4" Value="">
<Input Type=Hidden Name="promptex-Footer5" Value="">
<Input Type=Hidden Name="promptex-Footer6" Value="">
<Input Type=Hidden Name="SF" Value="">
</Form>
</body>
Here is the source I found from the Viewreport.cwr by right clicking on the viewer window.
<html>
<head>
<TITLE>Crystal Report Viewer</TITLE>
</head>
<SCRIPT LANGUAGE="JavaScript">
</SCRIPT>
<BODY BGCOLOR=C6C6C6 LANGUAGE=VBScript topmargin=0 leftmargin=0>
<OBJECT ID="CRViewer"
CLASSID="CLSID:C4847596-972C-11D0-9567-00A0C9273C2A"
WIDTH=100% HEIGHT=99%
CODEBASE="/viewer/activeXViewer/activexviewer.cab#Version=8,5,0,217">
<PARAM NAME="EnableDrillDown" VALUE=1>
<PARAM NAME="EnableExportButton" VALUE=1>
<PARAM NAME="DisplayGroupTree" VALUE=0>
<PARAM NAME="EnableGroupTree" VALUE=0>
<PARAM NAME="EnableAnimationControl" VALUE=1>
<PARAM NAME="EnablePrintButton" VALUE=1>
<PARAM NAME="EnableRefreshButton" VALUE=1>
<PARAM NAME="EnableSearchControl" VALUE=1>
<PARAM NAME="EnableZoomControl" VALUE=1>
<PARAM NAME="EnableSearchExpertButton" VALUE=0>
<PARAM NAME="EnableSelectExpertButton" VALUE=0>
</OBJECT>
<SCRIPT LANGUAGE="VBScript">
<!--
Sub window_onLoad()
Page_Initialize()
End Sub
Sub Page_Initialize
On Error Resume Next
Dim webBroker
Set webBroker = CreateObject("WebReportBroker.WebReportBroker"
if err.number <> 0 then
window.alert "The Crystal ActiveX Viewer is unable to create it's resource objects."
CRViewer.ReportName = "/myweb/Reports/viewrpt.cwr?id=528"
else
Dim webSource0
Set webSource0 = CreateObject("WebReportSource.WebReportSource"
webSource0.ReportSource = webBroker
webSource0.URL = "/tracitdc/Reports/viewrpt.cwr?id=528"
webSource0.PromptOnRefresh = False
webSource0.AddParameter "password0", "test"
webSource0.AddParameter "promptex-Footer1", """Date Range: Jan 01 2000 - Dec 31 2000"""
webSource0.AddParameter "promptex-Footer2", """Age Range: All Age"""
webSource0.AddParameter "promptex-Footer4", """Sex: Both Sexes"""
webSource0.AddParameter "promptex-Footer5", """Race: All Races"""
webSource0.AddParameter "promptex-Footer6", """Month: All Months"""
webSource0.AddParameter "promptex-TITLE", """TITLE, Jan 01 2000 - Dec 31 2000"""
webSource0.AddParameter "user0", "test"
webSource0.AddParameter "sf", "{TABLE.FIELD1}=1780735 AND {TABLE.BEGIN_DATE}>=Date('01/01/2000') AND {TABLE.END_DATE}<=Date('12/31/2000')"
CRViewer.ReportSource = webSource0
end if
CRViewer.ViewReport
End Sub
-->
</SCRIPT>
<OBJECT ID="ReportSource"
CLASSID="CLSID:F2CA2115-C8D2-11D1-BEBD-00A0C95A6A5C"
HEIGHT=1% WIDTH=1%
CODEBASE="/viewer/activeXViewer/activexviewer.cab#Version=8,5,0,217">
</OBJECT>
<OBJECT ID="ViewHelp"
CLASSID="CLSID:BD10A9C1-07CC-11D2-BEFF-00A0C95A6A5C"
HEIGHT=1% WIDTH=1%
CODEBASE="/viewer/activeXViewer/activexviewer.cab#Version=8,5,0,217">
</OBJECT>
<OBJECT ID="ReportParameter"
CLASSID="CLSID:71C140F3-1A84-430b-9035-68815582DC79"
HEIGHT=1% WIDTH=1%
CODEBASE="/viewer/activeXViewer/reportparameterdialog.cab#Version=8,0,2,672">
</OBJECT>
<div>
<!-- this empty div prevents IE from showing a bunch of empty space for the controls above.. I don't know why though. -->
</div>
</body>
</html>
I am calling viewreport.cwr from my asp page. I am able to view the source code of the viewreport.cwr by right clicking on the report output window, and see the user ID, password and all the selection criteria passed to the report. One of the main requirement from the users is, they want this report part to be more secured. Does anybody knows how to restrict the users from viewing the parameter information. I am herewith posting my source code.
Myreport.csp
<%@ Language=VBScript %>
<script language=Javascript>
function init()
{
var doc = window.opener.document.frmReportSearch ;
window.redirForm.id.value= doc.HidReport_ID.value;
window.redirForm.apstoken.value = doc.HidToken.value ;
window.redirForm.SF.value= doc.SF.value ;
window.redirForm.elements("user0"
.value= doc.HidDBUser.value ;window.redirForm.elements("password0"
.value= doc.HidDBPassword.value;window.redirForm.elements("promptex-TITLE"
.value = '"' + doc.HidFacility_Name.value + ', ' + doc.HidPeriod.value ; doc.HidFooter6.value ;document.forms["redirForm"].submit();
}
</script>
<body onload=init()>
<Form form name="redirForm" method="POST" Action="viewrpt.cwr">
<Input Type=Hidden Name="user0" Value="">
<Input Type=Hidden Name="password0" Value="">
<Input Type=Hidden Name="id" Value="">
<Input Type=Hidden Name="apstoken" Value="">
<Input Type=Hidden Name="init" Value=":connect">
<Input Type=Hidden Name="PromptOnRefresh" Value="0">
<Input Type=Hidden Name="promptex-TITLE" Value="">
<Input Type=Hidden Name="promptex-Footer1" Value="">
<Input Type=Hidden Name="promptex-Footer2" Value="">
<Input Type=Hidden Name="promptex-Footer3" Value="">
<Input Type=Hidden Name="promptex-Footer4" Value="">
<Input Type=Hidden Name="promptex-Footer5" Value="">
<Input Type=Hidden Name="promptex-Footer6" Value="">
<Input Type=Hidden Name="SF" Value="">
</Form>
</body>
Here is the source I found from the Viewreport.cwr by right clicking on the viewer window.
<html>
<head>
<TITLE>Crystal Report Viewer</TITLE>
</head>
<SCRIPT LANGUAGE="JavaScript">
</SCRIPT>
<BODY BGCOLOR=C6C6C6 LANGUAGE=VBScript topmargin=0 leftmargin=0>
<OBJECT ID="CRViewer"
CLASSID="CLSID:C4847596-972C-11D0-9567-00A0C9273C2A"
WIDTH=100% HEIGHT=99%
CODEBASE="/viewer/activeXViewer/activexviewer.cab#Version=8,5,0,217">
<PARAM NAME="EnableDrillDown" VALUE=1>
<PARAM NAME="EnableExportButton" VALUE=1>
<PARAM NAME="DisplayGroupTree" VALUE=0>
<PARAM NAME="EnableGroupTree" VALUE=0>
<PARAM NAME="EnableAnimationControl" VALUE=1>
<PARAM NAME="EnablePrintButton" VALUE=1>
<PARAM NAME="EnableRefreshButton" VALUE=1>
<PARAM NAME="EnableSearchControl" VALUE=1>
<PARAM NAME="EnableZoomControl" VALUE=1>
<PARAM NAME="EnableSearchExpertButton" VALUE=0>
<PARAM NAME="EnableSelectExpertButton" VALUE=0>
</OBJECT>
<SCRIPT LANGUAGE="VBScript">
<!--
Sub window_onLoad()
Page_Initialize()
End Sub
Sub Page_Initialize
On Error Resume Next
Dim webBroker
Set webBroker = CreateObject("WebReportBroker.WebReportBroker"
if err.number <> 0 then
window.alert "The Crystal ActiveX Viewer is unable to create it's resource objects."
CRViewer.ReportName = "/myweb/Reports/viewrpt.cwr?id=528"
else
Dim webSource0
Set webSource0 = CreateObject("WebReportSource.WebReportSource"
webSource0.ReportSource = webBroker
webSource0.URL = "/tracitdc/Reports/viewrpt.cwr?id=528"
webSource0.PromptOnRefresh = False
webSource0.AddParameter "password0", "test"
webSource0.AddParameter "promptex-Footer1", """Date Range: Jan 01 2000 - Dec 31 2000"""
webSource0.AddParameter "promptex-Footer2", """Age Range: All Age"""
webSource0.AddParameter "promptex-Footer4", """Sex: Both Sexes"""
webSource0.AddParameter "promptex-Footer5", """Race: All Races"""
webSource0.AddParameter "promptex-Footer6", """Month: All Months"""
webSource0.AddParameter "promptex-TITLE", """TITLE, Jan 01 2000 - Dec 31 2000"""
webSource0.AddParameter "user0", "test"
webSource0.AddParameter "sf", "{TABLE.FIELD1}=1780735 AND {TABLE.BEGIN_DATE}>=Date('01/01/2000') AND {TABLE.END_DATE}<=Date('12/31/2000')"
CRViewer.ReportSource = webSource0
end if
CRViewer.ViewReport
End Sub
-->
</SCRIPT>
<OBJECT ID="ReportSource"
CLASSID="CLSID:F2CA2115-C8D2-11D1-BEBD-00A0C95A6A5C"
HEIGHT=1% WIDTH=1%
CODEBASE="/viewer/activeXViewer/activexviewer.cab#Version=8,5,0,217">
</OBJECT>
<OBJECT ID="ViewHelp"
CLASSID="CLSID:BD10A9C1-07CC-11D2-BEFF-00A0C95A6A5C"
HEIGHT=1% WIDTH=1%
CODEBASE="/viewer/activeXViewer/activexviewer.cab#Version=8,5,0,217">
</OBJECT>
<OBJECT ID="ReportParameter"
CLASSID="CLSID:71C140F3-1A84-430b-9035-68815582DC79"
HEIGHT=1% WIDTH=1%
CODEBASE="/viewer/activeXViewer/reportparameterdialog.cab#Version=8,0,2,672">
</OBJECT>
<div>
<!-- this empty div prevents IE from showing a bunch of empty space for the controls above.. I don't know why though. -->
</div>
</body>
</html>