cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authentication with wrong username possible?

Former Member

on ‎05-18-2009 8:27 AM

0 Kudos

Hi experts,

we are using web services based on ABAP function modules, created in SAP. The username of the service user is "web_services", so it's 12 characters long, exactly as long as the maximum length of a SAP username.

The problem is that when I use "web_services_test" as username, which is longer than 12 characters, but the first characters are correct, then the authentication succeeds. This is of course wrong, because the username is just not the right one. It does even not exist in SAP at all.

So, is this SAP standard behaviour, can I fix this issue somehow?

Thanks in advance for your help!

Kind regards, Matthias

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎05-18-2009 10:10 AM
0 Kudos

Hi,

I think that you have discovered an interesting "security feature" !

It seems that the SAP runtime just truncates the user name to the first 12 characters.

You should report this "feature" to SAP by opening a message on http://service.sap.com

I hope that the password is the same for both users "web_services" and "web_services_test" ?

Regards,

Olivier

Show replies
Show replies
Former Member
‎05-18-2009 10:15 AM
0 Kudos

... I have already openend a message.

Let's see what SAP says to this issue.

KR, Matthias

Former Member
‎05-18-2009 12:01 PM
0 Kudos

Hi again,

Please keep us informed of SAP answer. I am interested by the subject !

Regards,

Olivier

Ask a Question