APAR status
Closed as fixed if next.
Error description
There is a section on URL Security in the Cognos Software Development Kit Developer Guide as follows:

URL Security
Because URL commands can bypass IBM Cognos access controls, we recommend that you fully discuss security issues with your administrator before implementing them. For more information about access permissions, see the Administration and Security Guide.

Browser Cookie Support
If a user logs on before issuing a URL request, the browser cookie already contains their IBM Cognos Access Manager passport ID. The dispatcher automatically extracts this ID and appends it to the bibus » biBusHeader class before forwarding the request to the target service provider for processing.

Anonymous Logon Support
If a user attempts to log on and no authorized passport ID is detected in their browser cookie, the Web gateway or dispatcher can enable anonymous logon for this request. Before the service request is forwarded, an anonymous ID is appended to the bibus » biBusHeader class. Anonymous logon only occurs if a bibus » CAM passport is not found in the browser cookie and if IBM Cognos is configured to support this option.

Multiple Logon Alternative
You can disable both cookie ID detection and anonymous logon. However, if you do, your users must log on manually every time they use a URL to perform a task. One way to avoid the need for multiple logons is to specify a PASS form variable immediately after the last form variable in the URL. This appends a passport ID onto the bibus » biBusHeader class and forwards it, along with the URL request, to the target service provider. This PASS variable takes precedence over any other passport ID in the user's cookie list. However, we do not recommend this technique for use in HTTP environments, because it exposes unencrypted passwords to anyone reading the URL.

Tips: To ensure that system security is not compromised, we recommend that you only use the PASS method if Secure Socket Layer (SSL) HTTPS transport is implemented. If you must use the PASS method in an HTTP environment, enable it only for users having the highest security clearance, and set up timeouts that force these users to log off promptly. Otherwise, URL recipients can use their unencrypted passport IDs to log on remotely and perform unauthorized tasks on the sender's computer.

How does one disable cookie ID detection so as to allow logon but to require a user to log on manually every time they use a URL to perform a task when anonymous logon has also been disabled?
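Added example, not part of the APAR or of IBM's documentation: one way to audit a list of stored or logged URLs for the PASS form variable described in the quoted guide text, flag the ones sent over plain HTTP, and redact the passport ID before the URL is written anywhere else. The host, path, other parameter names and the case-insensitive match are assumptions made for the example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PASS_VAR = "PASS"      # form variable name as given in the quoted guide text
REDACTED = "REDACTED"  # placeholder written in place of the passport ID


def audit_url(url):
    """Classify one URL and return (finding, url_safe_to_log)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Assumption: names are matched case-insensitively so no variant is missed.
    if not any(name.upper() == PASS_VAR for name, _ in pairs):
        return "none", url
    cleaned = [(n, REDACTED if n.upper() == PASS_VAR else v) for n, v in pairs]
    safe = urlunsplit(parts._replace(query=urlencode(cleaned)))
    # urlsplit lower-cases the scheme; anything but https is cleartext transport.
    finding = "pass-over-https" if parts.scheme == "https" else "pass-over-http"
    return finding, safe


def audit_all(urls):
    """Return {finding: [redacted URLs]} for a batch of URLs."""
    report = {"none": [], "pass-over-https": [], "pass-over-http": []}
    for url in urls:
        finding, safe = audit_url(url)
        report[finding].append(safe)
    return report


# Constructed sample input: host, path and parameter values are made up.
SAMPLE_URLS = [
    "http://bi.example.test/gateway?task=run&report=sales&PASS=constructed-id-1",
    "https://bi.example.test/gateway?task=run&report=sales&PASS=constructed-id-2",
    "https://bi.example.test/gateway?task=run&report=sales",
    "HTTP://bi.example.test/gateway?task=view&pass=constructed-id-3",
]

if __name__ == "__main__":
    for finding, urls in audit_all(SAMPLE_URLS).items():
        for u in urls:
            print(f"{finding:16} {u}")
```

Even the "pass-over-https" findings deserve review, since the passport ID still ends up wherever the full URL is stored or forwarded.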
Local fix
Problem summary
USERS AFFECTED: All Users
PROBLEM DESCRIPTION: See error description.
RECOMMENDATION: Upgrade to IBM Cognos Business Intelligence 10.2 Refresh Pack 1
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
PM60113
Reported component name
COG8 SOFT DEVKI
Reported component ID
5724W12SK
Reported release
A11
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-03-09
Closed date
2013-06-11
Last modified date
2013-06-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
RA21 PSN
UP
Document Information
Modified date:
11 June 2013