Rank: Member
Groups: Registered
Joined: 10/31/2016(UTC) Posts: 13  Location: hyd
|
Dear Admin,
I found one security breach in seal report
when we execute report from web we can copy that link and send it to someone he is able to open same page (html) without user id and password
and For your information
currently i am using Seal Report 3.0
Security : Basic windows authentication (in web security)
i hope you have solution
Thanks
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209  Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
Hi, this no really a security issue and it is made like this by design as:
- the URL is suffixed by a unique name (like _rxd0v)
- the file will be deleted within one hour
so if the end-user wants to share his html link, he can do it, the link will be valid for one hour... he could also save the html into a local file and send this file by email, it is more or less the same. However, I understand that this open link could disturb an organization and this point might be enhanced for a future version as security is very sensible today... Contributors are welcomed... Edited by user Tuesday, December 20, 2016 9:48:12 AM(UTC)
| Reason: Not specified
|
|
|
|
|
|
Rank: Member
Groups: Registered
Joined: 10/31/2016(UTC) Posts: 13 Location: hyd
|
Thanks for reply
ok at least is it possible to reduce the link expire time like 10 mins or 5 mins ?
if it is please let me know process
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209 Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
The purge is made by the HomeController in initReportExecution(): FileHelper.PurgeTempDirectory(repository.WebPublishFolder); So it will occur only when a new report is being executed (this can be an issue to control the lifetime of the file). You might change the value (one hour) hardcoded in public static void PurgeTempDirectory(string directoryPath) of FileHelper.cs and recompile the product (actually only SealLibrary.dll)... It will be easy to add this value as a parameter in the server configuration for a future release. Edited by user Tuesday, December 20, 2016 12:23:34 PM(UTC)
| Reason: Not specified
|
|
|
|
|
|
Rank: Member
Groups: Registered
Joined: 10/31/2016(UTC) Posts: 13 Location: hyd
|
Dear Admin, I don't have good coding skills so could you please help me how to reduce time to 5seconds. Means that temp file should delete with in 5seconds Or Please let me know step by step process Edited by user Wednesday, December 28, 2016 7:34:48 AM(UTC)
| Reason: Not specified
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209 Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
Sorry I cannot not explain further, You can get consulting from https://ariacom.com/ or sponsor this feature if you do not have the skills to do it... Good luck.
|
|
|
|
|
|
Rank: Member
Groups: Registered
Joined: 10/31/2016(UTC) Posts: 13 Location: hyd
|
Dear Team,
For this feature how much i need to sponsor?
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209 Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209 Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
Waiting for the 3.1, the best workaround is to have a small batch deleting files older than 1 minutes from the temp folder…
|
|
|
|
|
|
Rank: Member
Groups: Registered
Joined: 10/31/2016(UTC) Posts: 13 Location: hyd
|
Hi,
May i know when you are going to release 3.1?
|
|
|
|
|
|
Rank: Member
Groups: Registered
Joined: 10/31/2016(UTC) Posts: 13 Location: hyd
|
Hi Admin,
i am trying to recomplie project but i am getting below error could you please help me to solve below error
Severity Code Description Project File Line Suppression State
Error CS0246 The type or namespace name 'ADODB' could not be found (are you missing a using directive or an assembly reference?) SealLibrary C:\Users\rami\Downloads\Seal-Report-3.0.2\Seal-Report-3.0.2\Projects\SealLibrary\Forms\ConnectionStringEditor.cs 58 Active
Thanks,
RAMI
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209 Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
Hi, as the message says, you are missing an Assembly, this may depends on your environment.
You can check for solution on the web for this.
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209 Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
The 3.1 is released and should solve this security issue....
|
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
