Hi
Okay we have a security issue with some of the reports we are running. That is there is nothing to stop someone changing the query string appended onto the URL that filters the report allowing them access to records they are not allowed to see. Does anyone have any suggestions as to how to get around this?
One idea is that on request of a report, a field in the report database is given the value of the WHERE clause is there any way then that my report can pick up this field and use it as the WHERE clause to filter on?
Sorry my description is not very clear, but I'm not entierly sure of the termanology. Basically we are trying to find an alternative way to sending information to a report other than appending it to the URL.
Any help is greatly appreciated
Thanks in advance
Okay we have a security issue with some of the reports we are running. That is there is nothing to stop someone changing the query string appended onto the URL that filters the report allowing them access to records they are not allowed to see. Does anyone have any suggestions as to how to get around this?
One idea is that on request of a report, a field in the report database is given the value of the WHERE clause is there any way then that my report can pick up this field and use it as the WHERE clause to filter on?
Sorry my description is not very clear, but I'm not entierly sure of the termanology. Basically we are trying to find an alternative way to sending information to a report other than appending it to the URL.
Any help is greatly appreciated
Thanks in advance