By Dave Jarvis
April 17, 2011 04:31 PM EDT
A problem has come to my attention over the last few years and I thought Java.net would be a good place to talk about it.
I have noticed that many reporting integrations copy vendor-supplied example code verbatim into production. This is a problem, because those examples exist to show how the API works, not how to deploy it safely.
With JasperReports (the Java-based reporting tool), the report definition files (JRXML, and the compiled .jasper files) embed the SQL query the report runs. That SQL can tell an attacker a great deal about the database: the vendor and version (from dialect-specific syntax), and the table and column names it selects from. Many people place their report files in the same directory as the web content, where the servlet container serves them as static files, so anyone who finds or guesses the URL can simply download the SQL. That is an attack vector: it hands over the schema knowledge needed to craft targeted injection or data-extraction attempts elsewhere in the application.
Worse still, some people write JSPs with the database connection information (login, password, host name, database name) in plain text, inside the JSP files themselves. A source disclosure bug in the container, a misconfigured backup, or a checked-in copy of the webapp is then enough to leak working database credentials.
This needs to stop; sure, the code gets the job done, but no sane boss (if they understood the implications) would agree to publishing attack vectors on their web site.
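The following is an added example, not code from the article or from Dave Jarvis's RIF library. It is a small POSIX shell audit that checks an exploded webapp directory for the two mistakes described above: report definitions placed outside WEB-INF (where the container serves them as static files) and JSPs that open their own JDBC connection with inline credentials. The sample webapp it builds, including the file names, the JDBC URL and the password, is constructed here purely for demonstration, and the grep patterns are heuristics that will need tuning for a real code base.

```shell
#!/bin/sh
# Added example (not from the original article): audit an exploded webapp for
# report files reachable from the document root and JSPs carrying JDBC credentials.
# All sample file names and contents below are constructed for this demonstration.

# Print one finding per line: TAG<TAB>path
audit_webapp() {
  app="${1%/}"
  # 1. JasperReports definitions outside WEB-INF are served as static files by
  #    the servlet container, so anyone can download the embedded SQL.
  find "$app" -type f \( -name '*.jrxml' -o -name '*.jasper' \) \
      ! -path "$app/WEB-INF/*" -print |
    while read -r f; do printf 'REPORT-EXPOSED\t%s\n' "$f"; done
  # 2. A JSP that calls DriverManager directly or embeds a JDBC URL almost
  #    always has the login and password sitting beside it in clear text.
  find "$app" -type f -name '*.jsp' -print |
    while read -r f; do
      if grep -Eq 'DriverManager\.getConnection|jdbc:[a-z0-9]+:' "$f"; then
        printf 'JSP-CREDENTIALS\t%s\n' "$f"
      fi
    done
}

# Number of findings; usable as a pass/fail gate in a build or deploy script.
audit_count() {
  audit_webapp "$1" | wc -l | tr -d ' '
}

# Build a constructed sample webapp containing both a bad and a good layout.
make_sample_webapp() {
  dir="$(mktemp -d)"
  mkdir -p "$dir/reports" "$dir/WEB-INF/reports"
  # Bad: report under the document root; GET /reports/sales.jrxml returns it.
  cat > "$dir/reports/sales.jrxml" <<'EOF'
<jasperReport name="sales">
  <queryString><![CDATA[SELECT customer_id, total FROM sales WHERE region = $P{region}]]></queryString>
</jasperReport>
EOF
  # Good: the same report under WEB-INF, which the container never serves.
  cp "$dir/reports/sales.jrxml" "$dir/WEB-INF/reports/sales.jrxml"
  # Bad: vendor-example style JSP with host, database, login and password inline.
  cat > "$dir/report.jsp" <<'EOF'
<%@ page import="java.sql.*" %>
<% Connection c = DriverManager.getConnection(
     "jdbc:postgresql://dbhost/reports", "reportuser", "s3cret"); %>
EOF
  # Good: JSP that borrows a pooled connection from a container-managed DataSource,
  # so the credentials live in the container configuration, not in the page.
  cat > "$dir/safe.jsp" <<'EOF'
<%@ page import="javax.naming.*,javax.sql.*,java.sql.*" %>
<% DataSource ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/reports");
   Connection c = ds.getConnection(); %>
EOF
  echo "$dir"
}

SAMPLE="$(make_sample_webapp)"
audit_webapp "$SAMPLE"
```

Run against a real deployment directory, the script should report nothing: report files belong under WEB-INF (loaded with `ServletContext.getResourceAsStream("/WEB-INF/reports/...")` rather than by URL), and connections should come from a JNDI DataSource the container configures, as the `safe.jsp` sample shows. Only the constructed `reports/sales.jrxml` and `report.jsp` in the sample are expected to be flagged.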
Where would be a good place to talk about this issue on the Java.net website? Also, I have implemented an open source solution:
http://www.whitemagicsoftware.com/software/java/rif/
http://www.whitemagicsoftware.com/software/java/rif/api/
I have also written about the integration at length. See Chapter 15 (free) of my eBook:
http://www.whitemagicsoftware.com/books/indispensable
You may contact me through my web form:
Copyright © 2011 Ulitzer, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
Dave Jarvis has been developing software since 1981. He is animated by analytical thinking, inspired by Space Shuttle software, and a Jazz enthusiast. He understands that complex, poorly designed systems impede efficiency, eliminate possibilities, and are unreliable; when building software, he champions simplicity and ease of future enhancements.
Ulitzer content is offered under Creative Commons "Attribution Non-Commercial No Derivatives" License.
For any reuse or distribution, you must make clear to others the license terms of this work.
The best way to do this is with a link to this web page.
Any of the above conditions can be waived if you get written permission from Ulitzer, Inc., the copyright holder.
Nothing in this license impairs or restricts the author's moral rights.