about the security of OData

raffinkira · ‎09-18-2015

Hi all,

OData is a JS way to communicate with the server which means source can be seen in the browser.

How to prevent other people from using the URI?

maartenf · ‎09-28-2015

Hi Ming,

As Dennis stated, the user has to authenticate to the Gateway HUB system where the OData service is exposed (via basic authentication, SAML, SSO,...). This user also needs the correct authorizations to be able to call the OData service. You have authorisations for accessing the service technically (help.sap.com) and you can (and should) also do authorization checks in the implementation of the service (which is done in your system with the IW_BEP software component, where your service OData model is created).

Good luck!

Best regards,

Maarten

former_member182862 · ‎09-20-2015

Hi Ming

It is the same everywhere, URI, URL are public. However, the user (subject) needs to authenticate in order to get access to the services offered.

-D

about the security of OData

Accepted Solutions (0)

Answers (2)

Answers (2)

[BIG PROBLEM] SAP Host Agent cannot connect to SYS...

What is the right SAP MARA field to map with CPI L...

SKU for Additional Storage

Re: IAS as proxy

Re: cloud connector