May 13, 2005 at 8:17 am
How do i prevent a user from modifying a parameter value (like an ID) when it requests data from the report server using URL access in SQL Server Reporting Services.
May 13, 2005 at 8:58 am
Can you use the post method so that the parameters get hidden in the url?
May 14, 2005 at 9:06 am
[Not for the faint-hearted, but] You could try encrypting the parm values and derypting them in the query string. This would require you to write encrypt and decrypt fns. ie assuming you populate the parm options using datasets, encrypt the returned values using yuor encryption fn, then when using the return vlue from the Parameters collection e.g. Parameters!MyParm1.Value, you wrap this with decrypt.
Much simpler is to consider using the web service (ie not url calls) or alternatively use windows security on the virtual directory and then lookup these sensitive parm values using the users ID. This assumes that the ID you're trying to hide is user related.
Steve.
May 19, 2005 at 8:57 am
with webservices, is it true that drill down is not supported?
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply