Hi
I have a HTML item in a report that returns a document image from a document store. We want to set it so that the user can't change the reference to view a different document and the best way I can think to do this is to hide the address bar so it can't be edited. Does anyone know how to amend this HTML to load the HTML without showing the address bar please?
<html>
<body>
<a href="http://IPADDRESS/di/view?RD=INV,REF=123456"" target=_blank">
Show Image
</a>
</body>
</html>
Is this a security issue? As long as a URL is involved, a savvy user is still going to be able to determine the URL and paste it into another browser session. If nothing else, it is likely going to appear in the page source which is quite easily obtained.
If you can do this, a better approach might be to build a service to assign a very long and unpredictable hash value to a document, and use that to fetch the image. As long as the hash is sufficiently long and unpredictable, the likelihood of guessing the hash is very very small. A truly secure solution would probably require the SDK, some developer skills and knowledge of your systems so the image could be streamed back instead of referenced by URL.