
http trace

Former Member
0 Kudos

Hi experts,

I have posted this question on the Security Forum; here I am just seeking any workaround for this situation...

I developed portal content with WDA, and I created an iView for this WDA.

I also created a Role which contains this iView, and my portal ID is assigned to this Role.

My portal ID uses user mapping to the backend IDES ERP system.

When I use Firefox to view this iView content with an HTTP trace, I see that the HTTP header contains the <sap-user> and <sap-password> information, which means I can use this ID/PW to do something.

It might be a security issue if someone else also gets the ID/PW.

Is there any way to disable this information, or what can I do about this?

Any input is appreciated, many thanks.

Best regards,

Eason

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

I am not a security expert; you might try to see what happens when you use an HTTPS connection.

You can also set up the log-in data in the SICF node.

Former Member
0 Kudos

If you configure it from SICF, it will use the same user for all WDA apps, so you will not be able to identify users if you want to.

Former Member
0 Kudos

You can use SSO between your portal and the ECC backend system, so your user ID and password are hidden. Your way is not the right solution.

Former Member
0 Kudos

We have WDJ and WDA applications on our portal; both of them use User Mapping to the backend ERP system.

After I traced the HTTP information, for the WDJ part the user name and password are encrypted, but WDA is caught by HTTP watch.

It does not seem to make sense that <sap-user> and <sap-password> have not been encrypted, since we use the same logon method (user mapping).

Thanks,

Eason

Former Member
0 Kudos

Hi,

In WDJ I think you are using JCo connections, and JCo connections are maintained on the server side, so you don't see any user/password. Make an SSO connection between your portal and the ECC system, so it will be more secure than user mapping. You can find a lot of documents and blogs on SCN.
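
An added example, not part of the thread and not SAP tooling: one way to check a saved browser trace for requests that carry `sap-user` or `sap-password`, reporting where each name appears without copying its value. It assumes the trace is exported in HAR format; the function name, hosts, paths and sample capture are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

SENSITIVE = {"sap-user", "sap-password"}  # names reported in the thread

def find_exposed_credentials(har):
    """List where sap-user / sap-password appear in a HAR capture.
    Values are never copied into the findings, only their location."""
    findings = []
    for index, entry in enumerate(har["log"]["entries"]):
        req = entry["request"]
        url = urlsplit(req["url"])
        seen = [("query", n) for n, _ in parse_qsl(url.query, keep_blank_values=True)]
        seen += [("header", h["name"]) for h in req.get("headers", [])]
        post = req.get("postData") or {}
        if "x-www-form-urlencoded" in post.get("mimeType", ""):
            seen += [("body", n) for n, _ in
                     parse_qsl(post.get("text", ""), keep_blank_values=True)]
        for location, name in seen:
            if name.lower() in SENSITIVE:
                findings.append({
                    "entry": index, "host": url.hostname,
                    "location": location, "name": name.lower(),
                    # Over plain HTTP the value is also readable on the network path.
                    "cleartext_transport": url.scheme != "https",
                })
    return findings

# Constructed sample capture: hosts, paths and values are made up.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET", "headers": [],
                 "url": "http://erp.example.test/sap/bc/webdynpro/sap/zdemo"
                        "?sap-client=800&sap-user=DEMO&sap-password=constructed"}},
    {"request": {"method": "POST", "headers": [],
                 "url": "https://erp.example.test/sap/bc/webdynpro/sap/zdemo",
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "sap-user=DEMO&sap-password=constructed"}}},
    {"request": {"method": "GET",
                 "url": "https://portal.example.test/irj/portal",
                 "headers": [{"name": "Cookie", "value": "constructed"}]}},
]}}

if __name__ == "__main__":
    for finding in find_exposed_credentials(SAMPLE_HAR):
        print(finding)
```

A finding with `cleartext_transport` set to `False` still means the mapped backend credentials reach the browser, which is the situation the question describes.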