index | search | no replies | posting guidelines | help login | register
Index » Products » ASP Report Wizard v2
search this forum:
:: Security -Should I be Concern? :: (4)Post a New Message | Post a Reply
Jun 6 2005, 12:17 PM
 Security -Should I be Concern? Post a Reply
 xiongxao

View this author's profile Send this author a private message

since: Jun 6, 2005
from: North Carolina

We are evaluating your product (ASP Report Wizard), and notice that you are exposing the table data structures of the database in the HTML/ASP pages (can the data structure be encryped) and also embedded your SQL Statements (although encrypted) inside the pages.  Isn't this a security concern?  Also, when building reports using the Wizard, if a user select unrelated tables, the script will time out because large amount of data is returned.  For example, suppliers (10,000 records), and orders (100,000 records) -there is no relationship between them so 10000 * 100000 records will be returned and as a result the server will time out.

Can you address these concerns?

Thank you

Jun 6 2005, 1:59 PM
 Re: Security -Should I be Concern? Post a Reply
 ghost

View this author's profile Send this author a private message Visit author's homepage

from: Washington, DC

We expose only the field names and data types. How can you create a report if you have no idea of the table structure?
Futhermore, we expose only the tables and fields you choose. You can hide tables and fields you do not want others to see. for more information on security, check our online manual at the following link:

http://aspwebsolution.com/products/report_wizard/t_security.htm





-------------------------
Ghost
Jun 9 2005, 11:16 AM
 Re: Security -Should I be Concern? Post a Reply
 xiongxao

View this author's profile Send this author a private message

since: Jun 6, 2005
from: North Carolina

Is there a way I can encrypt the database schema in the HTML forms?

Instead of plain:
<option value="[Customers].[CustomerID]">CustomerID</option>

Encrypt it:
<option value="encrypt_table_schema">CustomerID</option>

Thanks.

Jun 9 2005, 2:11 PM
 Re: Security -Should I be Concern? Post a Reply
 ghost

View this author's profile Send this author a private message Visit author's homepage

from: Washington, DC

We can add that functionality but how much difference is it going to make?
The table and field names were originally displayed in the field selection screen for the user to select the field name.




-------------------------
Ghost
Pages: (1)   [1]

search this forum: