[ST-251] Report query string parameterization - Workterra Jira

Details

Type: Enhancement
Status: Closed
Priority: Critical
Resolution: Done
Component/s: BenAdmin
Labels:
None

Module:
BenAdmin - Security
Reported by:
Support
Item State:
Production Complete - Closed
Issue Importance:
Must Have

Description

All parameters are visible in browser when user view report.

Resolution:
We should encrypt report query string parameters so that user should not be able to manipulate reports.

Attachments

Activity

Ascending order - Click to sort in descending order

Vijayendra Shinde (Inactive) created issue - 13/Jul/16 10:04 AM

Vijayendra Shinde (Inactive) made changes - 13/Jul/16 10:04 AM

Field	Original Value	New Value
Assignee		Vijayendra Shinde [ ID10506 ]

Vijayendra Shinde (Inactive) made changes - 13/Jul/16 10:04 AM

Status

New Request [ 10029 ]

Pending for Approval [ 10002 ]

Vijayendra Shinde (Inactive) made changes - 13/Jul/16 10:04 AM

Status

Pending for Approval [ 10002 ]

Approved for Development [ 10003 ]

Vijayendra Shinde (Inactive) made changes - 13/Jul/16 10:04 AM

Status

Approved for Development [ 10003 ]

In Development [ 10007 ]

Vijayendra Shinde (Inactive) made changes - 13/Jul/16 10:05 AM

Component/s		BenAdmin [ 10100 ]
Issue Importance		Must Have [ 11800 ]
Item State		Parent values: Development(10200)Level 1 values: In Progress(10206)
Module	Parent values: BenAdmin(10100)	Parent values: BenAdmin(10100)Level 1 values: Security(10112)
Priority	Medium [ 3 ]	Highest [ 1 ]

Hide

Permalink

Vijayendra Shinde (Inactive) added a comment - 13/Jul/16 10:05 AM

We are working on encrypting parameters of Reports.

Show

Vijayendra Shinde (Inactive) added a comment - 13/Jul/16 10:05 AM We are working on encrypting parameters of Reports.

Hide

Permalink

Vijayendra Shinde (Inactive) added a comment - 18/Jul/16 09:49 AM

Affected Files:

SharedFunctionWebTier/SharedFunctionWebTier/Views/Shared/_WORKTERRALayout.cshtml
SharedFunctionWebTier/SharedFunctionWebTier/Views/Shared/_WORKTERRALayout.generated.cs
Web Projects/BenAdmin/Scripts/WORKTERRAShared.js
Web Projects/WORKTERRA/ReportViewer/ViewReport.aspx.cs

Show

Vijayendra Shinde (Inactive) added a comment - 18/Jul/16 09:49 AM Affected Files: SharedFunctionWebTier/SharedFunctionWebTier/Views/Shared/_WORKTERRALayout.cshtml SharedFunctionWebTier/SharedFunctionWebTier/Views/Shared/_WORKTERRALayout.generated.cs Web Projects/BenAdmin/Scripts/WORKTERRAShared.js Web Projects/WORKTERRA/ReportViewer/ViewReport.aspx.cs

Vijayendra Shinde (Inactive) made changes - 18/Jul/16 09:50 AM

Developer

Vijayendra Shinde [ ID10506 ]

Vijayendra Shinde (Inactive) made changes - 18/Jul/16 09:50 AM

Assignee

Vijayendra Shinde [ ID10506 ]

Deepali Tidke [ deepalit ]

Vijayendra Shinde (Inactive) made changes - 18/Jul/16 09:50 AM

Item State

Parent values: Development(10200)Level 1 values: In Progress(10206)

Parent values: LB QA(10201)

Deepali Tidke (Inactive) made changes - 18/Jul/16 11:36 AM

Status

In Development [ 10007 ]

Local Testing [ 10200 ]

Gokul Sonawane (Inactive) made changes - 18/Jul/16 12:13 PM

Item State

Parent values: LB QA(10201)

Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)

Hide

Permalink

Deepali Tidke (Inactive) added a comment - 19/Jul/16 06:19 AM

Checked the company level reports on LB from partner, CA and EE login >> on report run >> parameters are encrypted now.

Sachin Hingole checked the ACA reports on lb and they are also encrypted.

For Global level reports , encryption is not coming as it not implemented at global level

Show

Deepali Tidke (Inactive) added a comment - 19/Jul/16 06:19 AM Checked the company level reports on LB from partner, CA and EE login >> on report run >> parameters are encrypted now. Sachin Hingole checked the ACA reports on lb and they are also encrypted. For Global level reports , encryption is not coming as it not implemented at global level

Deepali Tidke (Inactive) made changes - 19/Jul/16 06:19 AM

Item State

Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)

Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)

Deepali Tidke (Inactive) made changes - 20/Jul/16 05:59 AM

Status

Local Testing [ 10200 ]

Pending for Stage Approval [ 10300 ]

Deepali Tidke (Inactive) made changes - 20/Jul/16 05:59 AM

Status

Pending for Stage Approval [ 10300 ]

Approved for Stage [ 10030 ]

Deepali Tidke (Inactive) made changes - 20/Jul/16 05:59 AM

Status

Approved for Stage [ 10030 ]

Stage Testing [ 10201 ]

Deepali Tidke (Inactive) made changes - 20/Jul/16 05:59 AM

Stage Due Date

25/Jul/16 [ 2016-07-25 ]

Deepali Tidke (Inactive) made changes - 20/Jul/16 05:59 AM

Production Due Date

26/Jul/2016

Hide

Permalink

Deepali Tidke (Inactive) added a comment - 24/Jul/16 02:04 PM

Checked the company level reports on stage from partner, CA and EE login >> on report run >> parameters are encrypted now.

For Global level reports , encryption is not coming as it not implemented at global level

Sachin Hingole please check ACA level reports on stage.

Show

Deepali Tidke (Inactive) added a comment - 24/Jul/16 02:04 PM Checked the company level reports on stage from partner, CA and EE login >> on report run >> parameters are encrypted now. For Global level reports , encryption is not coming as it not implemented at global level Sachin Hingole please check ACA level reports on stage.

Hide

Permalink

Sachin Hingole (Inactive) added a comment - 25/Jul/16 06:43 AM

Verified ACA reports on stage and they are also encrypted.
Also reports are opening without error.

Show

Sachin Hingole (Inactive) added a comment - 25/Jul/16 06:43 AM Verified ACA reports on stage and they are also encrypted. Also reports are opening without error.

Sachin Hingole (Inactive) made changes - 25/Jul/16 06:44 AM

Item State

Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)

Parent values: Stage QA(10202)

Sachin Hingole (Inactive) made changes - 25/Jul/16 06:44 AM

Item State

Parent values: Stage QA(10202)

Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)

Rakesh Roy (Inactive) made changes - 08/Aug/16 01:16 PM

Item State

Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)

Parent values: Stage QA(10202)Level 1 values: Production Deployment on Hold(10224)

Satya made changes - 03/Sep/16 07:46 AM

Item State

Parent values: Stage QA(10202)Level 1 values: Production Deployment on Hold(10224)

Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)

Hrishikesh Deshpande (Inactive) made changes - 06/Sep/16 07:20 AM

Assignee

Deepali Tidke [ deepalit ]

Hrishikesh Deshpande [ hrishikesh.deshpande ]

Rakesh Roy (Inactive) made changes - 15/Sep/16 03:24 AM

Status

Stage Testing [ 10201 ]

Pending for Production Approval [ 10301 ]

Rakesh Roy (Inactive) made changes - 15/Sep/16 03:24 AM

Status

Pending for Production Approval [ 10301 ]

Approved for production [ 10034 ]

Rakesh Roy (Inactive) made changes - 15/Sep/16 03:24 AM

Status

Approved for production [ 10034 ]

Production Testing [ 10202 ]

Rakesh Roy (Inactive) made changes - 15/Sep/16 03:24 AM

Resolution		Fixed [ 1 ]
Status	Production Testing [ 10202 ]	Production Complete [ 10028 ]

Rakesh Roy (Inactive) made changes - 15/Sep/16 03:25 AM

Item State

Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)

Parent values: Production Complete(10222)Level 1 values: Closed(10223)

Hrishikesh Deshpande (Inactive) made changes - 18/Oct/16 04:06 AM

Status

Production Complete [ 10028 ]

Closed [ 6 ]

Transition	Time In Source Status	Execution Times

Vijayendra Shinde (Inactive) made transition - 13/Jul/16 10:04 AM

New Request

Pending for Approval

12s

Vijayendra Shinde (Inactive) made transition - 13/Jul/16 10:04 AM

Pending for Approval

Approved for Development

Vijayendra Shinde (Inactive) made transition - 13/Jul/16 10:04 AM

Approved for Development

In Development

Deepali Tidke (Inactive) made transition - 18/Jul/16 11:36 AM

In Development

In LB Testing

5d 1h 31m

Deepali Tidke (Inactive) made transition - 20/Jul/16 05:59 AM

In LB Testing

Pending for Stage Approval

1d 18h 22m

Deepali Tidke (Inactive) made transition - 20/Jul/16 05:59 AM

Pending for Stage Approval

Approved for Stage

Deepali Tidke (Inactive) made transition - 20/Jul/16 05:59 AM

Approved for Stage

Stage Testing

Rakesh Roy (Inactive) made transition - 15/Sep/16 03:24 AM

Stage Testing

Pending for Production Approval

56d 21h 24m

Rakesh Roy (Inactive) made transition - 15/Sep/16 03:24 AM

Pending for Production Approval

Approved for production

Rakesh Roy (Inactive) made transition - 15/Sep/16 03:24 AM

Approved for production

In Production Testing

Rakesh Roy (Inactive) made transition - 15/Sep/16 03:24 AM

In Production Testing

Production Complete

15s

Hrishikesh Deshpande (Inactive) made transition - 18/Oct/16 04:06 AM

Production Complete

Closed

33d 42m

People

Assignee:: Hrishikesh Deshpande (Inactive)

Reporter:: Vijayendra Shinde (Inactive)

Developer:: Vijayendra Shinde (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13/Jul/16 10:04 AM

Updated:: 18/Oct/16 04:06 AM

Resolved:: 15/Sep/16 03:24 AM

Pre-Prod Due Date:: 25/Jul/2016

Production Due Date:: 26/Jul/2016