myDBR Forums » General discussion

Passing User Changable / Protected Parameters via Direct URL

(8 posts) (2 voices)

Tags:

No tags yet.

  1. shannon.patterson, Member

    Hi,

    I'm having difficulty setting up an embedded report.

    The report (id = 9, m = 1) has three parameters

    u1 - date1
    u2 - date2
    p3 - int

    u1 and u2 are user changeable, and p3 is a protected parameter. From the Direct URL documentation, I understand that I should be able to build a hash formatted as 9p3{int}m1{secret}, which should be able to build a URL of the format report.php?r=9&u1={date1}&u2={date2}&m1=&h={hash}

    This does not seem to be working. Obviously there is something I do not understand, but I have no idea what I'm missing. I would love some input as to where I am going wrong.

  2. myDBR Team, Key Master

    Hi,
    the URL calculation is correct. If your p3 value would be 5, and your secret value would be 'secret', the sha1 value would be calculated from string '9p35m1secret'. This would get hash value of 4b84673368d4ea237158670b576cc3ba29f51cd1. The final url would then be:

    report.php?r=9&u1={date1}&u2={date2}&m=1&h=4b84673368d4ea237158670b576cc3ba29f51cd1

    See that m-parameter would be &m=1 instead of &m1.

    --
    myDBR Team

  3. shannon.patterson, Member

    Thanks for the quick reply. However it doesn't resolve my issue. I'm wondering if the problem is elsewhere. The hash generated inside the myDBR interfaces and inside my webapp are identical, so I think this verifies the hashing is okay. However, when I access the report I want inside the myDBR interface, the URL is

    report.php?r=9&u1=2012-11-01&u2=2012-11-29&p3=2&m=1&h={hash}

    and when embedding the report inside an object, the URL is

    report.php?r=9&u1=2012-11-01&u2=2012-11-29&m=1&h={hash}&hdr=0

    Attempting to access the report through the second url yields "Report security hash does not match. Report execution aborted."

    Can you offer any insight as to what the problem might be?
    Thanks so much.

  4. myDBR Team, Key Master

    Please show the actual parameter values and the string from where you calculate the hash and the resulting non-working URL. With actual values it is easier to spot the problem. You can change your hash seed temporarily.

    --
    myDBR Team

  5. shannon.patterson, Member

    The temporary seed is 'secret'

    $hash = sha1('9p32m1secret');

    this URL does not work (inside my webapp)
    report.php?r=9&u1=2012-11-01&u2=2012-11-30&m=1&h=d1d1385182f8a599399d1146879dbf925e3024d1&hdr=0

    this URL does work (in myDBR's interfaces)
    report.php?r=9&u1=2012-11-01&u2=2012-11-30&p3=2&m=1&h=d1d1385182f8a599399d1146879dbf925e3024d1

    Thanks again

  6. myDBR Team, Key Master

    this URL does not work (inside my webapp)
    report.php?r=9&u1=2012-11-01&u2=2012-11-30&m=1&h=d1d1385182f8a599399d1146879dbf925e3024d1&hdr=0

    The URL is missing the 'p3'-parameter, which is used in the hash calculation. Therefore the calculated hash does not match.

    --
    myDBR Team

  7. shannon.patterson, Member

    So despite the fact that the parameter is "protected", it needs to be passed publicly to myDBR? I didn't understand that. Thanks so much for helping me fix this issue, you were great.

  8. myDBR Team, Key Master

    Protected means that user cannot change it and that your report can trust that the parameter value comes from trusted source: from myDBR or from someone who knows the seed value and is able to create valid URL's.

    --
    myDBR Team


Reply

You must log in to post.