FineReport External Request Information

Overview

Nowadays, various companies have begun to pay attention to information security, especially overseas customers.

FanRuan has made great effort to protect the information security of our overseas clients.

Our efforts are focused on the following aspects:

  • Security of external requests
  • Data privacy and compliance

External Requests

1.Background Description

There are certain concerns about our products connecting to the external network, sending external requests or submitting data to our servers.

Now, for most customers, It is ideal that options can be offered in the product to completely cover the external network requests that need to be controlled. That is, define a parameter (or multiple) in a certain xml configuration file in the project, and decide whether to send requests at startup according to the corresponding parameter value (ON/OFF). The default value is set to OFF.

 2. Analysis and solutions

1) External network request:

This means the requests sent through network to external server.

Control within one click. External network request can be controlled by the "URL management center" option in Platform Management > System > General.

If this option is turned off, when the server & designer are launched and running, requests will not be actively initiated, except for the requests triggered by users themselves.

Content
Details
After the switch is turned off, the external requests in the list will not be actively initiated during the project startup and running, and relevant logs of the URL management center connection failure will not appear in the log.

There are two types of external requests:

1) Connect to URL Management Center:

  • If no default value:
    1. It can be turned off and is controlled by the switch;
    2. No longer connect to URL management center after the switch is turned off
  • If there is a default value:
    1. It can be turned off and is controlled by the switch. After the switch is turned off, it will no longer connect to the URL Management Center.
    2. The default value is only allowed to be the default value of the configuration class, and is not allowed to be the default value for the external network request class, that is, it is not allowed to actively request the external network through the default value.

2) External network configuration: such as mail server, connection test or other external network requests configured by users.

If not configured, it is forbidden to actively request the external network

 

 

 

Detailed event controlled can be found below:

Module External Request Function Submit the Data Purpose of Submitted Data Controlled by the URL Management Center switch
Cloud Center com.fr.general.CloudCenter Get URL of URL center N -
  •  
Plugin Engine com.fr.decision.webservice.v10.plugin.helper.PluginsReaderForWeb Get update information Y

Plugin ID

to get Plugin info

  •  
com.fr.plugin.engine.control.operator.PluginDownloader Download plugins Y

Plugin ID

to get Plugin info

  •  
com.fr.decision.webservice.v10.plugin.PluginService Platform-Plugin Market information Y get Plugin info
  •  

com.fr.decision.webservice.v10.plugin.PluginStoreService

com.fr.decision.webservice.v10.plugin.helper.category.impl.BaseResourceLoader

com.fr.decision.webservice.v10.plugin.helper.category.impl.PluginResourceLoader

com.fr.decision.webservice.v10.plugin.helper.category.impl.UpmResourceLoader

Platform-Plugin Market script information Y Get plugin script info
  •  

com.fr.design.extra.exe.GetPluginFromStoreExecutor

com.fr.design.extra.PluginUtils

com.fr.design.extra.PluginOperateUtils

com.fr.design.extra.PluginsReaderFromStore

com.fr.design.extra.exe.SearchOnlineExecutor

com.fr.design.extra.exe.GetPluginPrefixExecutor

com.fr.design.extra.exe.GetPluginCategoriesExecutor

com.fr.design.extra.exe.SearchOnlineExecutor

Designer-plugin Market information Y Get plugin info
  •  

com.fr.design.extra.WebViewDlgHelper

Designer-plugin Market script information Y Get plugin script info
  •  
Update com.fr.decision.update.command.AddCommand Download jar package N -
  •  
com.fr.design.update.ui.dia;og.UpdateMainDialog Get update information N  
  •  
Solid Collection com.fr.analysis.cloud.solid.job.SolidCollectJob com.fr.analysis.cloud.solid.jo.SolidCollectCheckJob

Get the expression of timing task cron

N -
  •  
com.fr.design.mainframe.messagecollect.solid.SolidCollector Solid information return Y Solid info return
  •  
plugin-report-nativeprint com.fr.software.nativeprint.utils.SimpleCloudCenter

Get URL of URL Center

N  
  •  
bbs certification com.fr.base.login.LoginClient

bbs certification

Y

Login information verification

 

  •  

Cloud Operation and Maintenance

com.fr.decision.webservice.v10.maintenance.CloudOperationMaintenanceService

Determine whether the cloud operation and maintenance is offline, and obtain the FanRuan market token

Y

Upload cloud operation and maintenance app information

  •  
com.fr.decision.webservice.v10.maintenance.CloudAnalyzeAppInfoRequest

Obtain cloud operation and maintenance application information

Y

Upload cloud operation and maintenance app information

  •  
com.fr.decision.webservice.v10.maintenance.CloudAnalyzeUploadCheckRequest

Obtain the upload information of cloud operation and maintenance data package

Y

Upload cloud operation and maintenance app information

  •  
com.fr.analysis.cloud.upload.CloudAnalysisSubmitRequest

upload data submission request from Cloud operation and maintenance

Y

Upload cloud operation and maintenance app information

  •  
com.fr.analysis.cloud.DefaultAnalysisRecordExecutor

Automatic data package upload and upload information verification

Y

Upload cloud operation and maintenance data package

  •  
Fanruan Market com.fr.base.top.MarketApiClient Create the Fanruan Market SDK Client and Get the Token N -
  •  
com.fr.base.top.MarketApiClient Get response from the Fanruan Market SDK client, such as obtaining SMS template information N -
  •  
Decision Platform https://cloud.fanruan.com/api/query/ip?timeout=10000 Get the current client IP and city N -
  •  

 

2) Event tracking data:

This means the data reporting of FineReport usage event tracking.

Restricted by default. When the server & designer starts and runs, they will not return data.

Content
Details
There is corresponding configuration to control event tracking;
The configuration overseas is turned off by default and will not be triggered.

1) In the designer

Can be turned off, managed by "Join product improvement program" option in File > Options > Advanced

The configuration overseas is turned OFF by default and will not be triggered.

2) In the server

Direct data return is not allowed in the server.

 

3) Other risk control effort:

Content
Details
For overseas product, we have also made other effort.
  1. Alphafine: turn off Internet search by default
  2. Product Improvement Program(data return): OFF for oversea versions and will never take effect actually even if it is checked.
  3. Nativeprint event tracking: turned OFF by default for overseas versions

Contact Us

사용자그룹 가입

6월16일
사용자교육

Privacy

Copyright©2018 FanRuan Software Co., Ltd.