Reporting Points

  • Article

By default, reporting points are not configured to use SSL to encrypt communications. Intercepting the session state or credentials in unencrypted HTTP traffic is a relatively easy security attack. Stealing the session state could give the attacker full access to the reporting point.

*SPEnable HTTPS Access for Reporting Points

In versions earlier then SMS 2003 SP1, no SMS components supported SSL on the site systems that require Internet Information Services (IIS). With SMS 2003 SP1, it is recommended that you configure the SMS Administrator console to launch the report viewer through HTTPS. This setting does not obtain the certificate or configure IIS to use SSL. Complete these configurations before you configure the reporting point for HTTPS access.

Note

When you launch or navigate through the SMS Report Viewer Web page through HTTPS, you might receive a warning message about unsecure data. This is a known issue with Internet Explorer.

For the procedure, see Enabling HTTPS Access for Reporting Points in Appendix E: “Appendix E: SMS Security Procedures.” *SP