I have created a report using Sql Server Reporting Services, and embedded in simple HTML (actually a CodeIgniter App).
The report accepts a parameter, and shows results accordingly.
The question is won't it be very easy for user to simply inspect element, and change the value of Parameter from url in IFrame?
For example, consider following code:
<iframe src="http://lt-isb-ts-009:8081/Reports/report/PIMS/ItemsList?rs:Embed=true&StoreId=21"></iframe>
What if user goes into inspect element, and changes StoreId to 23 for example? How can I prevent him from doing this? What are the options available?
Aucun commentaire:
Enregistrer un commentaire