better PHP integration
Options
Hi Gang,
I have read and reread the PHP integration options but have not found an easy way to accomplish this task.
I have setup and used a seperate Tomcat server to simply load the correct URL in my PHP application. This leaves much to be desired, namely anyone can read the URL and run the report. How can I hide BIRT reports to the general public while leaving reports open to authenticated users? Also import is to prevent some users in my PHP application from running any report the BIRT server has loaded. Again using only simple URL's an authenticated users could still tease out a BIRT report simply by hacking a URL.
I have read about the PHP Java bridge but will with scale up to heavy users? Another option I have heard of is to call a BIRT report from the command line and pipe the output to a PHP page? Still details on setting each up are scant at best. Does anyone have a resource to suggest?
I have read and reread the PHP integration options but have not found an easy way to accomplish this task.
I have setup and used a seperate Tomcat server to simply load the correct URL in my PHP application. This leaves much to be desired, namely anyone can read the URL and run the report. How can I hide BIRT reports to the general public while leaving reports open to authenticated users? Also import is to prevent some users in my PHP application from running any report the BIRT server has loaded. Again using only simple URL's an authenticated users could still tease out a BIRT report simply by hacking a URL.
I have read about the PHP Java bridge but will with scale up to heavy users? Another option I have heard of is to call a BIRT report from the command line and pipe the output to a PHP page? Still details on setting each up are scant at best. Does anyone have a resource to suggest?
0
Comments
-
<blockquote class='ipsBlockquote' data-author="jim"><p>Hi Gang,<br />
<br />
I have read and reread the PHP integration options but have not found an easy way to accomplish this task.<br />
<br />
I have setup and used a seperate Tomcat server to simply load the correct URL in my PHP application. This leaves much to be desired, namely anyone can read the URL and run the report. How can I hide BIRT reports to the general public while leaving reports open to authenticated users? Also import is to prevent some users in my PHP application from running any report the BIRT server has loaded. Again using only simple URL's an authenticated users could still tease out a BIRT report simply by hacking a URL.<br />
<br />
I have read about the PHP Java bridge but will with scale up to heavy users? Another option I have heard of is to call a BIRT report from the command line and pipe the output to a PHP page? Still details on setting each up are scant at best. Does anyone have a resource to suggest?</p></blockquote>
<br />
Hi,<br />
<br />
A simple way to prevent unauthenticated users to access the report is to generate dynamically the .rptdesign file with php.<br />
Basically, if a user has the permission, you make the rptdesign file available to the tomcat server. When he finishes, destroy the design file.<br />
<br />
We have used the command line option to integrate BIRT with our PHP application. It's just a matter of using the genReport.sh file located in the ReportEngine folder of the birt report engine.0 -
<blockquote class='ipsBlockquote' data-author="ajj"><p>Hi,<br />
<br />
A simple way to prevent unauthenticated users to access the report is to generate dynamically the .rptdesign file with php.<br />
Basically, if a user has the permission, you make the rptdesign file available to the tomcat server. When he finishes, destroy the design file.<br />
<br />
We have used the command line option to integrate BIRT with our PHP application. It's just a matter of using the genReport.sh file located in the ReportEngine folder of the birt report engine.</p></blockquote>
<br />
<br />
I have the same problem with PHP and BIRT, because anyone runs on your own server, and is true, any person can copy, and paste the URL and run the report, and changue the value of parameters to see information, and if the account to access the database is with permissions to write, he can do sql injection.<br />
<br />
I'm trying to send the parameters encrypted with probably RSA or other alghoritm, and in the report decrypt this parameters to run the report.<br />
<br />
There are other options that combine do security, like:<br />
<br />
First, the account of the BD must be only for read.<br />
<br />
In the carpet where are the reports, copy de index.jsp, this do that nobody can view the files in the folder.<br />
<br />
<br />
Too, is good to mark Hidden the parameters in BIRT, because if you know the path to the rptdesign, and run this, Birt will show and ask for the value of parameters.<br />
<br />
<br />
<br />
But, as said Ajj, he can create the .rptdesign in PHP, it's very interesting, Ajj, can you put some example here, please ?<br />
<br />
Thanks.0 -
<blockquote class='ipsBlockquote' data-author="Rojo"><p>
But, as said Ajj, he can create the .rptdesign in PHP, it's very interesting, Ajj, can you put some example here, please ?<br />
<br />
Thanks.</p></blockquote>
<br />
It's easy. You first have to create the .rptdesign with the birt designer and place it in a folder where apache tomcat can't access it. Then, when someone requests a report, you move the .rptdesign file to a folder tomcat can access. (With php, you can do it easily with the copy() function).<br />
<br />
I have taken a different and cleaner approach to integrate birt with php without using an apache tomcat server. I'm only using the birt Report Engine with a standard version of Java (no java server required). When you download the Report Engine, there is a shell script which lets you generate a report in command line.<br />
It's something like this: sh genReport.sh -f pdf -o output.pdf input.rptdesign<br />
<br />
With php, you can use the shell_exec function to execute shell commands.<br />
<br />
<?php<br />
shell_exec ( "sh genReport.sh -f pdf -o output.pdf input.rptdesign" );<br />
?> <br />
<br />
With this you can integrate birt really well with any php application.0 -
These sound promissing. I'm really interested in your 2nd approach.
<?php
shell_exec ( "sh genReport.sh -f pdf -o output.pdf input.rptdesign" );
?>
So can I still generate an interactive web based report this way and pipe the output to an HTML file?
"I'm only using the birt Report Engine with a standard version of Java (no java server required)."
So how is performance without Tomcat?
Thanks for your reply!0 -
You can do whatever you want
For example, if your report has parameters, you can create an html form and then process the input with php and generate a report in html.
<?php
shell_exec ( "sh genReport.sh -f html -o output.html -p year=".$_POST." input.rptdesign" );
?>
And then you are free to display the output.html file or let the user download it.
Performance wise, I would tell you it's slower than Tomcat, but I didn't really have the time to optimize it. For example, I think you can let an instance of birt run in the background to speed the processing time.0 -
I tried the same
<?php
system ( "genReport.bat -f pdf -o output.pdf input.rptdesign" );
?>
but its not displaying any output onscreen0
Categories
- All Categories
- 109 Developer Announcements
- 49 Articles
- 100 General Questions
- 122 IM Services
- 40 OpenText Hackathon
- 31 Developer Tools
- 20.6K Analytics
- 4.1K AppWorks
- 8.9K Extended ECM
- 897 Cloud Fax and Notifications
- 77 Digital Asset Management
- 9.3K Documentum
- 29 eDOCS
- 122 Exstream
- 39.8K TeamSite
- 1.7K Web Experience Management
