logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
irreddy123  
#1 Posted : Tuesday, December 20, 2016 6:05:25 AM(UTC)
irreddy123

Rank: Member

Groups: Registered
Joined: 10/31/2016(UTC)
Posts: 13
India
Location: hyd

Dear Admin,
I found one security breach in seal report
when we execute report from web we can copy that link and send it to someone he is able to open same page (html) without user id and password

and For your information
currently i am using Seal Report 3.0
Security : Basic windows authentication (in web security)

i hope you have solution

Thanks
epf  
#2 Posted : Tuesday, December 20, 2016 9:47:19 AM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 676
Switzerland

Thanks: 12 times
Was thanked: 116 time(s) in 113 post(s)
Hi, this no really a security issue and it is made like this by design as:

  • the URL is suffixed by a unique name (like _rxd0v)
  • the file will be deleted within one hour


so if the end-user wants to share his html link, he can do it, the link will be valid for one hour...
he could also save the html into a local file and send this file by email, it is more or less the same.

However, I understand that this open link could disturb an organization and this point might be enhanced for a future version as security is very sensible today...
Contributors are welcomed...

Edited by user Tuesday, December 20, 2016 9:48:12 AM(UTC)  | Reason: Not specified

irreddy123  
#3 Posted : Tuesday, December 20, 2016 10:42:38 AM(UTC)
irreddy123

Rank: Member

Groups: Registered
Joined: 10/31/2016(UTC)
Posts: 13
India
Location: hyd

Thanks for reply
ok at least is it possible to reduce the link expire time like 10 mins or 5 mins ?
if it is please let me know process
epf  
#4 Posted : Tuesday, December 20, 2016 12:22:44 PM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 676
Switzerland

Thanks: 12 times
Was thanked: 116 time(s) in 113 post(s)
The purge is made by the HomeController in initReportExecution():
FileHelper.PurgeTempDirectory(repository.WebPublishFolder);
So it will occur only when a new report is being executed (this can be an issue to control the lifetime of the file).

You might change the value (one hour) hardcoded in
public static void PurgeTempDirectory(string directoryPath) of FileHelper.cs and recompile the product (actually only SealLibrary.dll)...


It will be easy to add this value as a parameter in the server configuration for a future release.

Edited by user Tuesday, December 20, 2016 12:23:34 PM(UTC)  | Reason: Not specified

irreddy123  
#5 Posted : Wednesday, December 28, 2016 7:33:43 AM(UTC)
irreddy123

Rank: Member

Groups: Registered
Joined: 10/31/2016(UTC)
Posts: 13
India
Location: hyd

Dear Admin,
I don't have good coding skills so could you please help me how to reduce time to 5seconds. Means that temp file should delete with in 5seconds
Or
Please let me know step by step process

Edited by user Wednesday, December 28, 2016 7:34:48 AM(UTC)  | Reason: Not specified

epf  
#6 Posted : Saturday, December 31, 2016 9:17:07 AM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 676
Switzerland

Thanks: 12 times
Was thanked: 116 time(s) in 113 post(s)
Sorry I cannot not explain further,
You can get consulting from https://ariacom.com/ or sponsor this feature if you do not have the skills to do it...
Good luck.
irreddy123  
#7 Posted : Monday, January 2, 2017 10:03:17 AM(UTC)
irreddy123

Rank: Member

Groups: Registered
Joined: 10/31/2016(UTC)
Posts: 13
India
Location: hyd

Dear Team,
For this feature how much i need to sponsor?
epf  
#8 Posted : Monday, January 2, 2017 8:18:55 PM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 676
Switzerland

Thanks: 12 times
Was thanked: 116 time(s) in 113 post(s)
Thank you to use the contact Form from https://ariacom.com/contact.cshtml and you will get a quotation...
epf  
#9 Posted : Wednesday, February 8, 2017 10:36:44 AM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 676
Switzerland

Thanks: 12 times
Was thanked: 116 time(s) in 113 post(s)
Waiting for the 3.1, the best workaround is to have a small batch deleting files older than 1 minutes from the temp folder…
irreddy123  
#10 Posted : Wednesday, February 8, 2017 10:50:24 AM(UTC)
irreddy123

Rank: Member

Groups: Registered
Joined: 10/31/2016(UTC)
Posts: 13
India
Location: hyd

Hi,
May i know when you are going to release 3.1?
irreddy123  
#11 Posted : Thursday, February 9, 2017 8:43:42 AM(UTC)
irreddy123

Rank: Member

Groups: Registered
Joined: 10/31/2016(UTC)
Posts: 13
India
Location: hyd

Hi Admin,
i am trying to recomplie project but i am getting below error could you please help me to solve below error

Severity Code Description Project File Line Suppression State
Error CS0246 The type or namespace name 'ADODB' could not be found (are you missing a using directive or an assembly reference?) SealLibrary C:\Users\rami\Downloads\Seal-Report-3.0.2\Seal-Report-3.0.2\Projects\SealLibrary\Forms\ConnectionStringEditor.cs 58 Active

Thanks,
RAMI
epf  
#12 Posted : Friday, February 10, 2017 10:53:50 AM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 676
Switzerland

Thanks: 12 times
Was thanked: 116 time(s) in 113 post(s)
Hi, as the message says, you are missing an Assembly, this may depends on your environment.
You can check for solution on the web for this.
epf  
#13 Posted : Wednesday, April 12, 2017 1:35:38 PM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 676
Switzerland

Thanks: 12 times
Was thanked: 116 time(s) in 113 post(s)
The 3.1 is released and should solve this security issue....
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.