FineReport External Request Information
Overview
Nowadays, various companies have begun to pay attention to information security, especially overseas customers.
FanRuan has made great effort to protect the information security of our overseas clients.
Our efforts are focused on the following aspects:
- Security of external requests
- Data privacy and compliance
External Requests
1.Background Description
There are certain concerns about our products connecting to the external network, sending external requests or submitting data to our servers.
Now, for most customers, It is ideal that options can be offered in the product to completely cover the external network requests that need to be controlled. That is, define a parameter (or multiple) in a certain xml configuration file in the project, and decide whether to send requests at startup according to the corresponding parameter value (ON/OFF). The default value is set to OFF.
2. Analysis and solutions
1) External network request:
This means the requests sent through network to external server.
Control within one click. External network request can be controlled by the "URL management center" option in Platform Management > System > General.
If this option is turned off, when the server & designer are launched and running, requests will not be actively initiated, except for the requests triggered by users themselves.
Content
|
Details
|
---|---|
After the switch is turned off, the external requests in the list will not be actively initiated during the project startup and running, and relevant logs of the URL management center connection failure will not appear in the log. |
There are two types of external requests: 1) Connect to URL Management Center:
2) External network configuration: such as mail server, connection test or other external network requests configured by users. If not configured, it is forbidden to actively request the external network |
Detailed event controlled can be found below:
Module | External Request | Function | Submit the Data | Purpose of Submitted Data | Controlled by the URL Management Center switch |
---|---|---|---|---|---|
Cloud Center | com.fr.general.CloudCenter | Get URL of URL center | N | - |
|
Plugin Engine | com.fr.decision.webservice.v10.plugin.helper.PluginsReaderForWeb | Get update information | Y |
Plugin ID to get Plugin info |
|
com.fr.plugin.engine.control.operator.PluginDownloader | Download plugins | Y |
Plugin ID to get Plugin info |
|
|
com.fr.decision.webservice.v10.plugin.PluginService | Platform-Plugin Market information | Y | get Plugin info |
|
|
com.fr.decision.webservice.v10.plugin.PluginStoreService com.fr.decision.webservice.v10.plugin.helper.category.impl.BaseResourceLoader com.fr.decision.webservice.v10.plugin.helper.category.impl.PluginResourceLoader com.fr.decision.webservice.v10.plugin.helper.category.impl.UpmResourceLoader |
Platform-Plugin Market script information | Y | Get plugin script info |
|
|
com.fr.design.extra.exe.GetPluginFromStoreExecutor com.fr.design.extra.PluginUtils com.fr.design.extra.PluginOperateUtils com.fr.design.extra.PluginsReaderFromStore com.fr.design.extra.exe.SearchOnlineExecutor com.fr.design.extra.exe.GetPluginPrefixExecutor com.fr.design.extra.exe.GetPluginCategoriesExecutor com.fr.design.extra.exe.SearchOnlineExecutor |
Designer-plugin Market information | Y | Get plugin info |
|
|
com.fr.design.extra.WebViewDlgHelper |
Designer-plugin Market script information | Y | Get plugin script info |
|
|
Update | com.fr.decision.update.command.AddCommand | Download jar package | N | - |
|
com.fr.design.update.ui.dia;og.UpdateMainDialog | Get update information | N |
|
||
Solid Collection | com.fr.analysis.cloud.solid.job.SolidCollectJob com.fr.analysis.cloud.solid.jo.SolidCollectCheckJob |
Get the expression of timing task cron |
N | - |
|
com.fr.design.mainframe.messagecollect.solid.SolidCollector | Solid information return | Y | Solid info return |
|
|
plugin-report-nativeprint | com.fr.software.nativeprint.utils.SimpleCloudCenter |
Get URL of URL Center |
N |
|
|
bbs certification | com.fr.base.login.LoginClient |
bbs certification |
Y |
Login information verification
|
|
Cloud Operation and Maintenance |
com.fr.decision.webservice.v10.maintenance.CloudOperationMaintenanceService |
Determine whether the cloud operation and maintenance is offline, and obtain the FanRuan market token |
Y |
Upload cloud operation and maintenance app information |
|
com.fr.decision.webservice.v10.maintenance.CloudAnalyzeAppInfoRequest |
Obtain cloud operation and maintenance application information |
Y |
Upload cloud operation and maintenance app information |
|
|
com.fr.decision.webservice.v10.maintenance.CloudAnalyzeUploadCheckRequest |
Obtain the upload information of cloud operation and maintenance data package |
Y |
Upload cloud operation and maintenance app information |
|
|
com.fr.analysis.cloud.upload.CloudAnalysisSubmitRequest |
upload data submission request from Cloud operation and maintenance |
Y |
Upload cloud operation and maintenance app information |
|
|
com.fr.analysis.cloud.DefaultAnalysisRecordExecutor |
Automatic data package upload and upload information verification |
Y |
Upload cloud operation and maintenance data package |
|
|
Fanruan Market | com.fr.base.top.MarketApiClient | Create the Fanruan Market SDK Client and Get the Token | N | - |
|
com.fr.base.top.MarketApiClient | Get response from the Fanruan Market SDK client, such as obtaining SMS template information | N | - |
|
|
Decision Platform | https://cloud.fanruan.com/api/query/ip?timeout=10000 | Get the current client IP and city | N | - |
|
2) Event tracking data:
This means the data reporting of FineReport usage event tracking.
Restricted by default. When the server & designer starts and runs, they will not return data.
Content
|
Details
|
---|---|
There is corresponding configuration to control event tracking; The configuration overseas is turned off by default and will not be triggered. |
1) In the designer Can be turned off, managed by "Join product improvement program" option in File > Options > Advanced The configuration overseas is turned OFF by default and will not be triggered. 2) In the server Direct data return is not allowed in the server. |
3) Other risk control effort:
Content
|
Details
|
---|---|
For overseas product, we have also made other effort. |
|