cancel
Showing results for 
Search instead for 
Did you mean: 

Data Storage in XI ?

Former Member
0 Kudos

Hi Guys,

we are doing scenarios where the credit card information is passed through xi and we dosent want to persist this data in the xi database, are there any options by which we can eliminate the data storage in xi.

we have proxy to soap scenario, can i go for encrpt and decryption of the data. can somebody explain how can i acheive this ?

Thanks,

Raj

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

XI messages are stored in the following tables

SXMSPMAST, SXMSCLUP, SXMSPCLUR

simply restrict access to tcode SE16 so that nobody can access the tables.

secondly restrict access to message in sxmb_moni so that nobody can see the messages there as well

/people/michal.krawczyk2/blog/2006/01/02/xi-sxmbmoni--controlling-access-to-message-display

Thanx

Aamir

Former Member
0 Kudos

Hi Aamir,

The bolg was really helpful and thanks for answering the question and i really appreciate the help

Thanks,

Raj

Former Member
0 Kudos

you are welcome

as far as encryption/decryption is concerned,my personal via is that it should be used in a B2B scenario(coz message may be passed over unsecured internet etc),for an A2A scenario don't overburned the interfaces by doing the extra work of encrption when you can easily achieve the same functionality by controlling user authentication.

Thanx

Aamir

former_member431549
Contributor
0 Kudos

You could turn off message persistence, but that would probably not be a satisfactory solution when you have to trouble-shoot any problems after go live. I'm still not sure that totally eliminates payload from being stored in db.

You could encrypt the cc number in the source system, pass it through xi, and then decrypt in target system.

Former Member
0 Kudos

Hi Tim,

can you plz tell me how can i acheive the encryption and decrption on the selected fields or the whole data.

any help would be really appreciated

Thanks,

Raj

former_member431549
Contributor
0 Kudos

Credit card information is more sensitive than just controlling access (restricting SE16). You're really not supposed to persist the data in clear text. If you ever have an incident, credit card companies will find this exposure.

What I have seen done is to use an os utility on source system and target system to encrypt the cc number. XI just passes through the encrypted cc number. The entire payload was not encrypted, just the single element for cc number.

I don't know specifically what utility was used, but function module 'SXPG_COMMAND_EXECUTE' was used in an SAP user exit during sales document creation to call the decrypt utility.

Former Member
0 Kudos

Hi Tim,

Can you explain on the utility tool used to encrypt the data on the source system and our source system is sap system.

Thanks,

Srini