Data Security Issue z308-verification (password) in XML Output File
- Article Type: General
- Product: Aleph
- Product Version: 16.02
Description:
When p-cir-51 is run, the resulting XML file includes the z308-verification field. The data is displayed in clear, readable text and is available to anyone on the Unix server or creating print forms and reports (for example, when viewing the raw XML format). Having this password information so easily available is a security problem.
How can we prevent the z308-verification from appearing in any XML report / form files?
Resolution:
In order to prevent z308-verification data on all XML files, add the following line to form_eng/global.trn:
!Tag Type S Parameters
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-!!!!!!!!!!-!-!!!!!!!!!!!!!!!!!!!!->
z308-verification TO-BLANK S
Then run UTIL I / 6.
The field name will continue to appear in XML files, but the field will be empty.
This will affect all the files in form_eng.
If this change was only desired in one form, every form can have its own trn (translation) file. The name of that file is the same as the name of the XSL file, only the extension is different.
for example, the form hold-request-slip.trn translates the hold-request-slip.xsl file. Instead of putting the above line in the global.trn file, put it in the specific trn file for the form.
- Article last edited: 10/8/2013