Fixing the Sender SMTP issue

Former Member · ‎10-16-2008

Hello,

I'm dealing with a security issue in BO XI 3.0 (I think it's the same with previous version) .When you send a document via email and if you uncheck the default settings, you can enter any email address into the "From" Field. Even your CEO's address. The only condition is that this address exists in the SMTP directory.

After looking on the forum, it's seems that it can't be fixed with any CMC settings. So I'm trying to secure it via the SDK. Does anyone has already done this before?

I have 2 ideas, could you tell me which one seems the better for you ?

When the "send email" form is populated, the idea is to retrieve the email of the connected user and fill the "From" field with it.

During the form validation, there is a javascript function called checkSMTP ( ). This function checks that the "from" field is filled. Maybe could I check that the email address filled in the field is the same than the email address of the user connected?

What do you think of those solution? Feasibility? Risk ? Security?

Any help will be nice.

Pierre

ted_ueda · ‎10-16-2008

Before going the SDK way, have you tried setting the SMTPFrom context-param in the InfoViewApp WEB-INF/web.xml file?

Sincerely,

Ted Ueda

Fixing the Sender SMTP issue

Accepted Solutions (0)

Answers (1)

Answers (1)

Re: SBPA - How to handle Intermediate Message Even...

Re: Digital Signature on PDF

Re: CIG transaction tracker handling

Re: The deployed project is not reflecting in Agen...

Re: SAP BUILD deployment to production