No. They serve a different purpose, but the control files have a similar format.

First of all I recommend using the [NW70Ehp1 docs|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/b2096b7895307be10000000a42189b/frameset.htm] and not the NW04 ones and please also read the OSS notes on the two control files for more detailed information about changes to them and what they are intended for.

You can compare secinfo and reginfo (from the "use-case" for security usage) to the security settings which a reverse proxy performs, as compared to a forward proxy in the http protocol world.

The reginfo protects external systems from the SAP system so that they cannot be "hijacked" once a (possibly) legitimate program is being communicated with from the SAP system via the gateway.

The secinfo protects the SAP system's own server programs from being started from legitimate hosts. These will typically be "local" programs started from the system itself (this also includes the "local" context of a remotely called RFC enabled ABAP function module on the aplpication server!), but they can also be started remotely without the typical ABAP control options (authentication, authorization, some configuration)... which is what you should want to control!

In addition to previous SDN related threads (use the search) you can also check the blog space for the term "SAPTechEd hacker's lunch".

Please note that there have been some changes in this area, so you must keep your kernel and SP levels in mind.

It is not an easy topic you have chosen... Concentrate on the HOST parameters for quick (and imprortant) wins with low effort - pass the granular security to the applications (if you can trust them on those hosts).

Cheers,

Julius