on 12-12-2007 6:28 PM
Hi Guys,
We are doing scenarios where the credit card information is passed through XI and we don't want to persist this data in the XI database. Are there any options by which we can eliminate the data storage in XI?
We have a proxy to SOAP scenario; can I go for encryption and decryption of the data? Can somebody explain how I can achieve this?
Thanks,
Raj
XI messages are stored in the following tables:
SXMSPMAST, SXMSCLUP, SXMSPCLUR
Simply restrict access to tcode SE16 so that nobody can access the tables.
Secondly, restrict access to messages in sxmb_moni so that nobody can see the messages there as well.
/people/michal.krawczyk2/blog/2006/01/02/xi-sxmbmoni--controlling-access-to-message-display
Thanx
Aamir
You are welcome.
As far as encryption/decryption is concerned, my personal view is that it should be used in a B2B scenario (coz the message may be passed over unsecured internet etc.). For an A2A scenario, don't overburden the interfaces by doing the extra work of encryption when you can easily achieve the same functionality by controlling user authentication.
Thanx
Aamir
You could turn off message persistence, but that would probably not be a satisfactory solution when you have to trouble-shoot any problems after go live. I'm still not sure that totally eliminates payload from being stored in db.
You could encrypt the cc number in the source system, pass it through xi, and then decrypt in target system.
Credit card information is more sensitive than just controlling access (restricting SE16). You're really not supposed to persist the data in clear text. If you ever have an incident, credit card companies will find this exposure.
What I have seen done is to use an os utility on source system and target system to encrypt the cc number. XI just passes through the encrypted cc number. The entire payload was not encrypted, just the single element for cc number.
I don't know specifically what utility was used, but function module 'SXPG_COMMAND_EXECUTE' was used in an SAP user exit during sales document creation to call the decrypt utility.
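The element-level approach described in the replies above, as an added example that is not part of the original thread and is not SAP code: only the card number element is encrypted with AES-GCM at the source and decrypted at the target, so anything persisted in between holds ciphertext for that field. The element name `CardNumber`, the class name and the in-memory demo key are assumptions; in practice the key is provisioned to the two endpoint systems only.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CardFieldCrypto {
    // Hypothetical element name; adjust to the real message structure.
    static final Pattern CARD = Pattern.compile("(<CardNumber>)(.*?)(</CardNumber>)");
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Source side: returns Base64(IV || ciphertext || GCM tag), with a fresh random IV per value.
    static String encryptField(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
    }
    // Target side: throws AEADBadTagException if the value was altered in transit or the key is wrong.
    static String decryptField(SecretKey key, String token) throws Exception {
        byte[] in = Base64.getDecoder().decode(token);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }
    // Rewrites only the card element; the rest of the payload stays readable for monitoring.
    static String transform(String xml, SecretKey key, boolean encrypt) throws Exception {
        Matcher m = CARD.matcher(xml);
        if (!m.find()) throw new IllegalArgumentException("no CardNumber element"); // fail closed
        String v = encrypt ? encryptField(key, m.group(2)) : decryptField(key, m.group(2));
        return xml.substring(0, m.start(2)) + v + xml.substring(m.end(2));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // demo key only; the middleware never receives it
        String payload = "<Order><Id>4711</Id><CardNumber>4111111111111111</CardNumber></Order>"; // constructed sample, test card number
        String inTransit = transform(payload, key, true);
        System.out.println("Seen by middleware: " + inTransit);
        System.out.println("At target:          " + transform(inTransit, key, false));
    }
}
```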