Starting with 11g Release 1 (11.1.1), Oracle Reports allows you to generate random and non-sequential job IDs to make it impossible to predict the job ID for a particular job.
This would prevent malicious users from viewing non-secure report output by typing the job id in a URL.
Therefore to strengthen the Oracle Reports component, enable random and non-sequential job IDs for the reports servers.
This feature can be obtained as described below:
- for in-process servers, pass "-Djobid=random" via JVM options to Oracle WebLogic Server.
- for standalone servers, pass the "-Djobid=random" via JVM options in the command line or by setting the REPORTS_JVM_OPTIONS variable. ( More information about REPORTS_JVM_OPTIONS variable can be found in Section B.1.53, "REPORTS_JVM_OPTIONS")
Also, detailed steps for implementing this feature depending on the Oracle Reports version, can be found in these notes:
- How to Enable Random and Non-Sequential Job IDs for Reports Server 11g (Doc ID 852814.1)
- How to Enable Random and Non-Sequential Job IDs for Reports Server 12c (Doc ID 2101284.1)