« Oracle Reports Migration Gotcha! Main | Summary Total Text in BIEE »

User Creds on a URL

By Tim Dexter on May 5, 2009 6:45 AM

A long while back I posted an entry on linking to a report via a URL. All was good but it only worked if you either:

1. Were hooking BIP up to SSO with your calling application or
2. You placed the report in the Guest folder which was unsecured.

Now, back in an earlier release the dev guys sneaked a feature out that I was vaguely aware of and thought I knew but it took the almighty Bryan Wise to remind me. You can now pass the username and password on the URL to avoid the two cases above and open up other possibilities.

You can just add the following parameters to your URL

&id=XXXXXX&passwd=YYYYYY

For example:

http://127.0.0.1:9704/xmlpserver/HR Manager/W2/W2.xdo?id=Administrator&passwd=Administrator

What about security? Well 'developer beware'!, I wanted some cool Latin phrase that no one would understand but the translators are a little funky in my opinion. Never the less, its a feature, its up to you if you want to use it, or maybe your security folks. So, now you know and I now have somewhere to point folks who ask me about it :)

Tags:

AddThis Social Bookmark Button

Comments (3)

David T:

Tim,
To make it a little more secure, you can make the link a FORM with method POST, so when they click it, it is submitted, and the URL does not contain the params (including the password), however anyone who right-click's and "View Source" can still see it before they click the URL.
Anyway, might be a little more secure for some...

Posted by David T | May 6, 2009 6:11 AM

Posted on May 6, 2009 06:11

Marco Weiland:

Hi Tim,

does it not make sense, to include for example a java lib, which can pass usrname and passwd encrypted to the url, so that u have a token which is legal for just a couple of minutes?

its not as complex as using a sso system, but it would be great benefit. we used that way for all our inhouse applications to realize sso behavior.

regards marco

Posted by Marco Weiland | May 8, 2009 7:58 AM

Posted on May 8, 2009 07:58

Michael:

Question:

Where can I find the option to change the Document URL in BI Publisher when sent as an email notification?

Posted by Michael | June 9, 2009 1:24 PM

Posted on June 9, 2009 13:24

Post a comment