Security problem in System logon via web in BW 3.5
We can reach our bw reports via web browser. When the user tries to run a bw report, a simple logon screen is displayed. The user enters the username and password, he/she reaches a menu of bw reports.
But we realized that, when the user's password expires, user can still logon the system without problem. This is a big hole in our security.
Is there a way in standarts to make the logon screen be displayed whenever the user tries to logon the system through web without any development(BSP etc.)?
I tried to change the Bex service properties from sicf, but I couldn't succeed it.
L. Borsboom replied
No it's not.
You can use the parameter &bspdontshowhttpswarning=X (not mentioned in the note) to hide the warning message.
There's also a useful [How to Guide|https://webservice.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/aaa1a890-0201-0010-eb93-ae3d2bb74a78], information on [SAP Help|http://help.sap.com/saphelp_nw04/helpdata/EN/54/3d372c9705ae44b6c028858bfbd71f/content.htm] and a [nice blog item|http://sapport.blogspot.com/2008/05/customizing-of-logon-screens-for-bw-web.html] about this issue.