Solved: Offline form security

Former Member · ‎06-10-2008

Hello Experts,

I am working on the following offline scenario:

User fills in the Travel Form offline and sends the same by an email to one particular email ID. From this ID, we read the form, parse the same to get the data and then call the RFC to create Travel Request in SAP. This scenario is working fine.

However, I am thinking about security concerns of the same. Since anyone who has access to the form and an SMTP Server and can send a request in someone's name and this will create a travel request in SAP for that person.

So apart from digital signatures, what are my options? How can I make this scenario secure.

Regards,

Shubham

Former Member · ‎06-11-2008

Hi Shubham,

If you do not want to use dig signatures (either on a pdf form or a signed email) the only thing you could do is to make it harder to break your scenario. "Making it harder" means that it can be broken.

You could use visible and or invisble IDs. In case of visible IDs you could ask your users to provide it (like the employee number or a transaction approval code). The latter is a specific secret only know to the user and a lot of variants of this approach exist.

So you can decided if it is sufficient to make it reasonably hard (this depends on you, the company and/or the scenario) or you want to go with digitally signing emails/pdfs.

Regards,

Juergen

Offline form security

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: SBPA - How to handle Intermediate Message Even...

Re: Digital Signature on PDF

Re: CIG transaction tracker handling

Re: The deployed project is not reflecting in Agen...

Re: SAP BUILD deployment to production