Solved: Security problem in System logon via web in BW 3.5

Former Member · ‎09-11-2008

Hi gurus,

We can reach our bw reports via web browser. When the user tries to run a bw report, a simple logon screen is displayed. The user enters the username and password, he/she reaches a menu of bw reports.

But we realized that, when the user's password expires, user can still logon the system without problem. This is a big hole in our security.

Is there a way in standarts to make the logon screen be displayed whenever the user tries to logon the system through web without any development(BSP etc.)?

I tried to change the Bex service properties from sicf, but I couldn't succeed it.

Any suggesstions

Tolga

l_borsboom · ‎09-11-2008

Hi Tolga,

You might have a look at [OSS Note 498936|https://service.sap.com/sap/support/notes/498936].

This will certainly get you on the right track.

Kind regards,

Lodewijk Borsboom

l_borsboom · ‎09-11-2008

Hi Tolga,

You might have a look at [OSS Note 498936|https://service.sap.com/sap/support/notes/498936].

This will certainly get you on the right track.

Kind regards,

Lodewijk Borsboom

Former Member · ‎09-12-2008

Hi Lodewijk Borsboom,

I searched the note. Thanks alot. I want to clear a point here.

Is setting up https a prerequisite for this issue?

Thanks alot

Tolga

l_borsboom · ‎09-12-2008

No it's not.

You can use the parameter &bspdontshowhttpswarning=X (not mentioned in the note) to hide the warning message.

There's also a useful [How to Guide|https://webservice.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/aaa1a890-0201-0010-eb93-ae3d2bb74a78], information on [SAP Help|http://help.sap.com/saphelp_nw04/helpdata/EN/54/3d372c9705ae44b6c028858bfbd71f/content.htm] and a [nice blog item|http://sapport.blogspot.com/2008/05/customizing-of-logon-screens-for-bw-web.html] about this issue.

kr,

Lodewijk