Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Fixing the Sender SMTP issue

Hello,

I'm dealing with a security issue in BO XI 3.0 (I think it's the same with previous version) .When you send a document via email and if you uncheck the default settings, you can enter any email address into the "From" Field. Even your CEO's address. The only condition is that this address exists in the SMTP directory.

After looking on the forum, it's seems that it can't be fixed with any CMC settings. So I'm trying to secure it via the SDK. Does anyone has already done this before?

I have 2 ideas, could you tell me which one seems the better for you ?

  • When the "send email" form is populated, the idea is to retrieve the email of the connected user and fill the "From" field with it.

  • During the form validation, there is a javascript function called checkSMTP ( ). This function checks that the "from" field is filled. Maybe could I check that the email address filled in the field is the same than the email address of the user connected?

What do you think of those solution? Feasibility? Risk ? Security?

Any help will be nice.

Pierre

Former Member
Not what you were looking for? View more on this topic or Ask a question