Security issue with Oracle Reports -

Security issue with Oracle Reports -

i have problem of security oracle reports. have study called have set url, in url, there parameter called userid. parameter not encrypted , can seen source of html. have tried putting wbsite inbetween send parameters in post form, algo, have turn parameters in hexadecimal reports converts ascii again.

has encountered problem? dont know else do.

the parameter called "input_hidden_parameters"

according docs oracle reports services 11g:

15.1.3.3 info source security

data source security defines users or roles can access info within given info source. study might access multiple info sources , current user must have privileges on of info sources accessed study in order run , view output. info source administrator (typically dba) grants access info sources. info source security must established , in place prior configuring reports environment.

you can provide info source security in 2 different ways oracle reports services:

you can associate info source connection info single sign-on user. in case, first time user attempts access info source, oracle delegated administration services prompts them create resource info source connection. after user creates info source resource, oracleas single sign-on associates user in oracle net directory. 1 time info source resource associated single sign-on user, becomes part of single sign-on identity , can access info source without having log in separately. method has 2 key advantages. first, enables each user gain access info source through single sign-on identity without having login separately. second, it enables single study url used many users because info source login info stored user's identity , hence not have hard coded report's url or key mapping.

oracle security oraclereports