Specifications

ManualsBrandsMicrosoft ManualsSoftwareSQL Server 2008 R2

201

202

203

204

205

206

207

208

209

210

186 CHAPTER 9 Reporting Services Enhancements

Report Viewer Improvements

The display of reports is also improved in the Report Viewer available in this release of SQL

Server, which now supports AJAX (Asynchronous JavaScript and XML). If you are familiar with

earlier versions of Reporting Services, you can see the improvement that AJAX provides by

changing parameters or by using drilldown. The Report Viewer no longer requires a refresh

of the entire screen, nor does it reposition the current view to the top of the report, which

results in a much smoother viewing experience.

Improved Browser Support

Reporting Services no longer supports just one Web browser, as it did when it was rst

released. In SQL Server 2008 R2, you can continue to use Windows Internet Explorer 6, 7, or

8, which is recommended for access to all Report Viewer features. You can also use Firefox,

Netscape, or Safari. However, these browsers do not support the document map, text search

within a report, zoom, or xed table headers. Furthermore, Safari 3.0 does not support the

Calendar control for date parameters or the client-side print control and does not correctly

display image les that the report server retrieves from a remote computer.

If you choose to use a Web browser other than Internet Explorer, you should understand

the authentication support that the alternative browsers provide. Internet Explorer is the only

browser that supports all authentication methods that you can use with Reporting Services—

Negotiated, Kerberos, NTLM, and Basic. Firefox supports Negotiated, NTLM, and Basic, but

not Kerberos authentication. Safari supports only Basic authentication.

NOTE Basic authentication is not enabled by default in Reporting Services. You must

modify the RSReportServer.cong le by following the instructions in SQL Server Books

Online in the topic “How to: Congure Basic Authentication in Reporting Services” at

http://msdn.microsoft.com/en-us/library/cc281309.aspx.

RDL Sandboxing

When you grant external users access to a report server, the security risks multiply enormously,

and additional steps must be taken to mitigate those risks. Reporting Services now supports

conguration changes through the use of the RDL Sandboxing feature on the report server to

isolate access to resources on the server as an important part of a threat mitigation strategy.

Resource isolation is a common requirement for hosted services that have multiple tenants

on the same server. Essentially, the conguration changes allow you to restrict the external

resources that can be accessed by the server, such as images, XLST les, maps, and data

sources. You can also restrict the types and functions used in expressions by namespace and

by member, and check reports as they are deployed to ensure that the restricted types are

not in use. You can also restrict the text length and the size of an expression’s return value

when a report executes. With sandboxing, reports cannot include custom code in their code

blocks, nor can reports include SQL Server 2005 custom report items or references to named

parameters in expressions. The trace log will capture any activity related to sandboxing and

should be monitored frequently for evidence of potential threats.