I have a public Stored process (STP) in which I would like to be able to identify which page is calling it, via ajax.
The STP is momentarily set to run with a guest account and is thus public.
I thought to do it by inserting a secret Key in the STP variables.
But that key can be changed by users in the url.
Is there a method to identify that without leaving the possibility to users to change it?
Maybe there is a reserved STP variable that tells the origin of the request (like the server name or ip or something identifiable)?
But I could not find any among those:
_debug
_grafloc
_htcook
_htua
_program
_reqmeth
_rmtaddr
_rmthost
_srvname
_srvport
_url
_userlocale
_username
_version
http://support.sas.com/rnd/itech/doc9/dev_guide/stprocess/reserved.html
Changing my answer as I was previously incorrect. You CAN get this information (via
_htrefer) but it requires a configuration change to your SAS server. As per documentation:It's worth noting that no method can ever be 100% reliable as end users can always manipulate their requests.