Hiding or Encrypting parameter value in report server url

  • Hi ,

    I'm accessing the reports from my web application by forming the url like below

    http://localhost/reportserver?/TestReports/Report1&WO_Id=1

    where WO_Id is the report parameter.

    Now in the address bar of the report server user can easily change the parameter value and they can able to see the report for other values.

    I like to restrict that.

    Kindly help me to solve this issue

    -----------------------------------------------------------------------------------------------------------------------------------------------------------
    Please feel free to let me know if you are not clear or I’ve misunderstood anything.

    Thanks,
    Arunkumar S P

  • Hi,

    I have got the same problem with my reports now,

    Please let me know if you got or find any solution for this.

    your help will be greatly appreciated.

    Thanks

    Lakki

    lakki1901@gmail.com

  • Hi,

    if you can change the query of your report and the table it queries isn't to big, you can try to hide the easily guessed value for your parameter in a hash function like so:

    declare @id int = 1;

    select cast(HASHBYTES('MD5',CAST(@id as nvarchar(50)) )as bigint) as ID_HASH

    The problem is, that you have to compare it in your WHERE clause against hash values for all rows of your column, which can be quite an overhead...

    Lars

  • Arunkumar S P - Tuesday, July 21, 2009 8:08 AM

    Hi ,I'm accessing the reports from my web application by forming the url like belowhttp://localhost/reportserver?/TestReports/Report1&WO_Id=1where WO_Id is the report parameter.Now in the address bar of the report server user can easily change the parameter value and they can able to see the report for other values.I like to restrict that. Kindly help me to solve this issue

    I have this same issue did you find a solution? Thanks for any insight you can give.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply