on 11-28-2011 7:11 AM
Hi experts,
I have posted this question on the Security Forum; here I am just seeking any workaround for this situation...
I developed portal content with WDA, and I created an iView according to this WDA.
I also created a Role which contains this iView, and my portal ID is assigned to this Role.
My portal id is using user mapping to backend IDES ERP system.
When I use Firefox to view this iView content with an HTTP trace, I see that the HTTP header contains the information <sap-user> and <sap-password>, which means I can use this ID/PW to do something.
It might be a security issue if someone else also gets the ID/PW.
Is there any way to disable this information, or what can I do about this?
Any input is appreciated, many thanks.
Best regards,
Eason
I am not a security expert; you might try to see what happens when you use an HTTPS connection.
You can also set up the log-in data in the SICF node.
You can use SSO between your portal and the ECC backend system, so your user ID and password are hidden. Your way is not the right solution.
We have WDJ and WDA applications on our portal; both of them use User Mapping to the backend ERP system.
After I traced the HTTP information, for the WDJ part the user name and password are encrypted, but for WDA they are caught by http watch.
It does not seem to make sense that <sap-user> and <sap-password> have not been encrypted, since we use the same logon method (user mapping).
Thanks,
Eason
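
A way to check a captured trace for the exposure described in this thread, as an added example that is not part of any post: it flags requests that carry `sap-user` or `sap-password` in the query string, form body or a header, records whether the request went over plain HTTP, and masks the values before a URL is logged. The hosts, paths, credential values and the trace tuple layout are constructed for this example.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Logon fields named in the thread (matched case-insensitively).
SENSITIVE = {"sap-user", "sap-password"}

# Constructed sample trace: (method, url, headers, body). All values are made up.
SAMPLE_TRACE = [
    ("GET", "http://erp.example.test:8000/sap/bc/webdynpro/sap/zdemo"
            "?sap-client=800&sap-user=MAPPED01&sap-password=Secret123", {}, ""),
    ("POST", "https://erp.example.test:44300/sap/bc/webdynpro/sap/zdemo",
     {"Content-Type": "application/x-www-form-urlencoded"},
     "sap-user=MAPPED01&sap-password=Secret123&sap-language=EN"),
    ("GET", "https://portal.example.test/irj/portal", {}, ""),
]

def redact_url(url):
    """Return the URL with the values of sensitive query fields masked."""
    parts = urlsplit(url)
    pairs = [(k, "***" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="*")))

def find_exposures(trace):
    """List where logon fields appear, without ever copying their values."""
    findings = []
    for idx, (method, url, headers, body) in enumerate(trace):
        parts = urlsplit(url)
        sources = [("query", parse_qsl(parts.query, keep_blank_values=True))]
        ctype = next((v for k, v in headers.items()
                      if k.lower() == "content-type"), "")
        if ctype.lower().startswith("application/x-www-form-urlencoded"):
            sources.append(("body", parse_qsl(body, keep_blank_values=True)))
        sources.append(("header", list(headers.items())))
        for where, pairs in sources:
            for name, _value in pairs:
                if name.lower() in SENSITIVE:
                    findings.append({
                        "request": idx,
                        "method": method,
                        "where": where,
                        "field": name.lower(),
                        # Plain HTTP: readable by anyone on the network path.
                        "cleartext": parts.scheme == "http",
                    })
    return findings

if __name__ == "__main__":
    for f in find_exposures(SAMPLE_TRACE):
        print(f, redact_url(SAMPLE_TRACE[f["request"]][1]))
```

A finding with `where` set to `query` matters even over HTTPS, because URLs are commonly kept in browser history and in proxy and server access logs.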