Crystal Reports Tools: Improve Performance While Saving Time and Money
  Resources  
Best sellers:
cView
Report Analyzer
cViewSERVER
 ReCrystallize
 

Buy Crystal Reports

Articles:
 Administration
Advanced
Basic
 Crystal eNL
Database
Financial
Problems Solved

 Books:
CR Books
Database Books
Developer Books
 
Tools:
All CR Tools
CR Analyzers
CR Bestsellers
DataBase Tools
CR Graphics
International
CR Mail UFLs
ReCrystallizePro
CR Schedulers
CR UFLs
CR Viewers


Add'l:
About us
Contact Us
cViewSUITE Ppt
Support
CR trial
 

Crystal Reports
on Steroids

Crystal Reports Administration: Security Tips

How can you make your Crystal Report secure?

One of the great things about Crystal Reports is how widely they appear to be used. Financial, Operational, Sales and Production reports all can be designed using the same application. Web Delivery using Crystal Enterprise or a Windows-based viewer can be used to process your report.

There is a lot of valuable intellectual property included in a report design. We can see why a report designer might want to protect this valuable investment. The open design of Crystal Reports makes this difficult.

We see several things you may want to hide from public view

  • A complex formula or algorithm.
  • Data access techniques including table joins and record selection.
  • Conditional format of sections.
  • Password protected fields and sections (possibly based on a parameter).
  • Techniques to stop a report being reprocessed with fraudulent intent.

Delivering reports as HTML or PDF can protect the information hidden inside the database and report, but essentially, anyone with the Crystal Report designer can open the report and see how the report was built.

In the past, we have looked at different ways to secure a report design. Various methods suggested include:

  1. Compile the report into an application. The reports are embedded inside the EXE so are not external rpt files available to Crystal Reports. Many commercial applications take this approach.
  2. Store your reports on a Web server and only deliver via HTML and the web browser. Crystal Enterprise is an example of this approach.
  3. Encrypt the files and only decrypt the files when the viewer needs to process the files.

These all sound great. However, one of the functions available inside all these report viewers is the ability to "Export" the report. As long as you have this available, you can export to a Crystal Report format and then use your report designer against the exported copy of the report.

Our view is that you would have to disable the export to the Crystal format to keep your report secure. Any security attempt that doesn’t do this leaves a big hole.

So here is a challenge to our readers. How can you deliver a solution to your customers that stops them from looking at the rpt design itself?

The Challenge

  • You have a report with some proprietary technique from the list above.
  • Your users need to be able to process the report against a live database. This can be on any method you wish including a web browser or custom windows application.
  • Your users need to ability to export your report to several formats including XLS and PDF.
  • You need a way to hide the proprietary technique from discovery.

 

 

Related articles:

 

 

This article is copyrighted by Crystalkeen, Mindconnection, and Chelsea Technologies Ltd. It may be freely copied and distributed as long as the original copyright is displayed and no modifications are made to this material. Extracts are permitted. The names Crystal Reports and Seagate Info are trademarks owned by Business Objects.