MiditecReportDev Posted June 13, 2016 Share Posted June 13, 2016 Hi, just wanted to ask if it is in any way possible to forbid the guy who builds the reports to use certain sql statements such as insert, update or delete?As far as I can see a report tool such as Jasper should have some tools for that as normal reports in my/our eyes should be read-only oO It is kind of unsafe to allow that, especially when the guy who builds the report (theoretical scenario) may get fired, knows it and inserts a delete statement for a crucial database table into a report without anyone being abtle to stop this. Link to comment Share on other sites More sharing options...
hozawa Posted June 13, 2016 Share Posted June 13, 2016 I think database permission should be set in the database's user permission.e.g. DENY DELETE ON tablenamehttps://msdn.microsoft.com/en-us/library/ms173724.aspx Link to comment Share on other sites More sharing options...
javier.ggi90 Posted June 13, 2016 Share Posted June 13, 2016 I agree with @hozawa. But also, you should set up a development database and back it up if you are worried about it. This also prevents the developer from looking at sensitive information, if there is any. Link to comment Share on other sites More sharing options...
MiditecReportDev Posted June 14, 2016 Author Share Posted June 14, 2016 The development is not a problem, we have development databases^^ So deleting from there or looking at data is no problem at all.Problem is that you can easily give reports to customers that will delete all their data as long as you know at least one table name, which you do since they'll need to tell you for select statements anyways.Kind of unsecure in my opinion, but we'll solve this differently now. Link to comment Share on other sites More sharing options...
ghudson_1 Posted July 1, 2016 Share Posted July 1, 2016 Since 4.5, Jasper Reports Server has built-in security validation which uses regex to prohibit things like delete statements within SQL queries (other sql injection):http://community.jaspersoft.com/wiki/jaspersoft-security-changes-and-configurationOf course this is JRS, not the development tools like Studio. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now