JasperReportsIntegration icon indicating copy to clipboard operation
JasperReportsIntegration copied to clipboard
verified publisher icon daust

Ability to store DB schema credentials in database not in application.property file

Open lschilde opened this issue 7 years ago • 4 comments

It would be great if we could configure JRI to use passwords from a database instead of flat config file. If nothing than as passing the connect string including user/pwd. Thank you.

lschilde avatar Jan 19 '18 13:01 lschilde

Hi Lino (@lschilde),

did you come up with a workaround? What does it look like?

Currently I am thinking about different ways to implement your requirement behind the requirement ... which is security and using data in the "current schema". This would also basically eliminate the need for features #2, #3 and #4.

I could

  • implement a different version of the integration as java stored procedures to actually run it IN the database or
  • implement a different version as an extension to ORDS, similar to the pdf printing which is included in APEX itself.

Cheers, ~Dietmar.

daust avatar Sep 29 '18 19:09 daust

Hi Dietmar,

We don't have a work around at this point. We were hoping you might come with something to help us but I didn't want to bother you. I know you are busy as it gets.

If I could pick I would probably prefer the ORDS way of implantation. ;)

Thanks for getting back to me on this.

Cheers Lino

On Sunday, September 30, 2018, Dietmar Aust [email protected] wrote:

Hi Lino (@lschilde https://github.com/lschilde),

did you come up with a workaround? What does it look like?

Currently I am thinking about different ways to implement your requirement behind the requirement ... which is security and using data in the "current schema". This would also basically eliminate the need for features #2 https://github.com/daust/JasperReportsIntegration/issues/2, #3 https://github.com/daust/JasperReportsIntegration/issues/3 and #4 https://github.com/daust/JasperReportsIntegration/issues/4.

I could

  • implement a different version of the integration as java stored procedures to actually run it IN the database or
  • implement a different version as an extension to ORDS, similar to the pdf printing which is included in APEX itself.

Cheers, ~Dietmar.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/daust/JasperReportsIntegration/issues/8#issuecomment-425671092, or mute the thread https://github.com/notifications/unsubscribe-auth/AFo_-kjIyJy3YARAlARYJCn29FoPICliks5uf85WgaJpZM4Rkcmp .

lschilde avatar Sep 30 '18 00:09 lschilde

Hi Lino,

I will think about it, each approach has multiple challenges and limitations. Perhaps I might even go with a token based approach where the report is only executed when a valid token can be found for this unique request. The token will be stored in the database and deleted once used. Also the token will expire after a few seconds.

What is the real requirement behind your request? Security or flexibility? Will you always run the report in the same schema where you initiated the request from? So basically go out ... and come back with the report? Or do run reports on other instances?

In addition just being able to pass user/pwd shouldn't be too hard ... but doesn't sound like a secure / good design overall.

Cheers, ~Dietmar.

daust avatar Sep 30 '18 16:09 daust

Hi Dietmar,

My first requirement and concern is security and ability for multiple clients to call reporting engine without exposing credentials and their data.

I get what you are saying about multiple angles to sort this out.

If it runs in the same schema would be good enough for now in my eyes. I like token idea you mentioned but anything that makes it feasible at your end in terms of not to time consuming ;)

Thanks Lino

On Monday, October 1, 2018, Dietmar Aust [email protected] wrote:

Hi Lino,

I will think about it, each approach has multiple challenges and limitations. Perhaps I might even go with a token based approach where the report is only executed when a valid token can be found for this unique request. The token will be stored in the database and deleted once used. Also the token will expire after a few seconds.

What is the real requirement behind your request? Security or flexibility? Will you always run the report in the same schema where you initiated the request from? So basically go out ... and come back with the report? Or do run reports on other instances?

In addition just being able to pass user/pwd shouldn't be too hard ... but doesn't sound like a secure / good design overall.

Cheers, ~Dietmar.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/daust/JasperReportsIntegration/issues/8#issuecomment-425731583, or mute the thread https://github.com/notifications/unsubscribe-auth/AFo_-jXRKgdII16Q87dlM7_5JwMLv4haks5ugOxUgaJpZM4Rkcmp .

lschilde avatar Oct 01 '18 03:10 lschilde