cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problem with BW IView in Portal.

Go to solution
Former Member

on ‎11-22-2007 2:53 PM

0 Kudos

Hi Experts,

I am facing one security issue for BW Iviews in EP.

If I am taking the properties of BWIview by right clicking the iview->properties at runtime(ie. in explorer), it shows the address url as

http://<b><BWServerIPAddress></b>:8000/sap/bw/BEx.

But, due to some security reasons, I dont want this info to be displayed.

Please help me. It's very urgent.

Regards,

Krishnaveni.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

detlev_beutner
Active Contributor
‎11-22-2007 3:05 PM
0 Kudos

Hi Krishnaveni,

If I understand you right: You mean right clicking "just in the middle" of the BW-iView and checking the properties, using the IE context menu.

This is all but a security issue. BW iView are URL isolated, i.e. iFrames. Of course iFrames have their own target URL, and of course you can check where this is coming from. Even if you would achieve that the context menu of the IE would not work (I think this is possible), the URL would be saved within the IE history. Do it really doesn't make to try to hide this info.

In fact, a security issue is if you need to hide the IP... You should avoid atacking possibilities on the server itself! Or do you try to secure your home by (1) letting the door open but (2) not telling anyone where you live?!?!

Hope it helps

Detlev

Show replies
Show replies
Former Member
‎11-23-2007 4:12 AM
0 Kudos

Hi Detlev,

Thanks for your valuable reply. You got my problem correctly.

Do you mean to say that there is no option other than disabling the context menu of explorer to avoid this?

Here the interesting thing is, the ip address is getting displayed only for BW iviews, but not for other portal iviews. If the ip address is displayed in context menu of explorer, then it will be a security flaw right? How can I avoid this?

Is there any way to display the fully qualified hostname instead of this ip address? Or atleast for the time being, how can I disable the context menu of explorer?

Thanks

krishnaveni

Former Member
‎11-23-2007 4:19 AM
0 Kudos

Hi krishnaveni,

Instead of using IP address into the system defn(Application host) you can use hostname. And then make entry of that hostname into your DNS or your local hosts file.

Hope this helps!

regards

Atul Shrivastava

Former Member
‎11-23-2007 5:09 AM
0 Kudos

Hi Atul,

I already tried the same, but was not working. One thing I noted was, after deleting the entire BW server host details from host file, the BW iview is getting displayed with the url properties as ip address of BW server. I am not getting from where it is taking the ip address.

Please give me some suugestions..

Thanks,

Krishnaveni

Former Member
‎11-23-2007 5:18 AM
0 Kudos

Can you tell me what parameters you are using in your System. I am interested in connector properties.

former_member304001
Active Contributor
‎11-23-2007 5:20 AM
0 Kudos

Check SAP Note :805344

how URLs are generated automatically from the BW front end:

Other terms

URL, generation, RSBB_URL_PREFIX_GET, message server, HTTPURLLOC

Reason and Prerequisites

If you execute a query or template in the Web from the Web Application Designer, BEx Query Designer or BEx Analyzer, a URL of the form http://host.domain.com:8000/sap/bw/BEx. is automatically created. The following section describes the steps used to generate this URL.

Solution

The function module RSBB_URL_PREFIX_GET is used to generate the URL in BW. That is, when you click "Launch in Web Browser" in the BEx Anaylzer, "Display Query on the Web" in the BEx Query Designer or "Execute in the browser" in the Web Application Designer, the function module is called and this returns the protocol, host, domain, port and service.

The function module essentially runs through three steps:

Determine the settings on the server application,

Determine the settings relating to the message server, provided that it is used,

Determines the settings for an exception, if maintained.

First, the application server settings are created. If a message server is used, the settings relating to host and port are replaced with the message server settings. If an exception is maintained, the host and port are replaced by the exception.

Protocol

The HTTP or HTTPS protocol is created in accordance with the setting in transaction SPRO under "Business Information Warehouse" --> "Reporting-relevant settings" --> "Web-based settings" --> "Maintain Web log (HTTP/HTTPS)". Refer to note 512337.

Settings on the application server

The host and domain of the application server are defined in the parameter SAPLOCALHOSTFULL or icm/host_name_full in accordance with Note 773830. A fully qualified host name should always be maintained to prevent SSO and/or HTTPS problems in advance. This means that, due to the valid Internet standards, the corresponding parameter should include the host and domain. For more information about this, see Notes 434918 and 654982.

The port of the application server is defined in the parameter icm/server_port_X.

To evaluate these parameter values, the function module RSBB_URL_PRFIX_GET calls the Basis function module HTTP_GET_URL2 .

Example: No message server is activated and no exception is defined.

Protocol = HTTP

icm/host_name_full = apphost.domain.com

icm/server_port_0 = PROT=HTTP, PORT=50015

Generated URL: http://apphost.domain.com:50015/sap/bw/BEx.

Settings for the message server

You can use the message server to distribute the load of incoming HTTP requests across several application servers. In this case, the initial URL is rendered with the host and port of the message server, which then forwards the request to an available application server. The message server-specific settings for host and port are saved in the parameters rdisp/mshost and ms/http_port or ms/https_port or ms/server_port_X. The port of the message server must not be the same as the port of the application server on which it is running. Note 493475 contains additional information about this.

Example: In addition to the above configuration, a message server is used.

rdisp/mshost = mshost

ms/http_port = 8000

Generated URL: http://mshost.domain.com:8000/sap/bw/BEx.

Web dispatcher/exception table HTTPURLLOC

You can maintain exceptions in the table HTTPURLLOC. For example, here you can implement the settings in such a way that all HTTP requests on the application /sap/bw/BEx should be forwarded to a Web dispatcher or reverse proxy. The first hit found is created, provided that several exceptions apply for an incoming request . Note 561885 contains more information about this topic.

Example: An exception is maintained for the application /SAP/bw/BEx.

PROTOCOL = HTTP

APPLICATN = /sap/bw/BEx

HOST = www.webdispatcher.com

PORT = 1000

Generated URL: http://www.webdispatcher.com:1000/sap/bw/BEx.

Answers (0)

Ask a Question