Former Member

What security issues should be considered while developing a UI5 app?

Just wanted to know what kinda code will lead to security breaches in UI5.


3 Answers

  • Best Answer
    Former Member
    Posted on Feb 11, 2014 at 01:16 PM

    I think the biggest issue I see time and time again is people trying to implement authorisation in the application to restrict access to data, rather than standard SAP authorisations.

    Query parameters can always be modified by debuggers, HTTP proxies etc., a lot more easily than server-side technologies, so it's important to ensure that access to data is correctly restricted in the backend system, i.e. if I change a customer number in a query, the backend authorisations should prevent me from viewing the details.

    Many thanks,

    Jason
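
The customer-number case described in the answer above, as an added example that is not part of the original post or of any SAP code: a JavaScript stand-in for the backend check, where the handler name, users, customers and sales organisations are all constructed assumptions.

```javascript
// Added example: all names and data are constructed for illustration.
const CUSTOMERS = new Map([
  ["1001", { name: "Acme GmbH", salesOrg: "DE01" }],
  ["1002", { name: "Globex Ltd", salesOrg: "UK01" }],
]);
// Constructed authorisation assignments: user -> sales organisations readable.
const USER_AUTH = new Map([
  ["alice", new Set(["DE01"])],
  ["bob", new Set(["DE01", "UK01"])],
]);

// Hypothetical backend handler. `sessionUser` is taken from the authenticated
// server-side session; everything in `query` is untrusted client input.
function getCustomer(sessionUser, query) {
  const allowed = USER_AUTH.get(sessionUser);
  if (!allowed) return { status: 401, body: "not authenticated" };

  const id = String(query.customer || "");
  if (!/^\d{1,10}$/.test(id)) return { status: 400, body: "invalid customer number" };

  const record = CUSTOMERS.get(id);
  // Unknown and forbidden customers get the same answer, so the response
  // does not confirm which customer numbers exist.
  if (!record || !allowed.has(record.salesOrg)) {
    return { status: 403, body: "not authorised" };
  }
  // Client-supplied hints such as query.role are deliberately never read.
  return { status: 200, body: { id, name: record.name } };
}

// Constructed requests: the second and third are what a proxy or debugger can send.
function demo() {
  return [
    getCustomer("alice", { customer: "1001" }).status,                 // own data
    getCustomer("alice", { customer: "1002" }).status,                 // edited number
    getCustomer("alice", { customer: "1002", role: "admin" }).status,  // forged flag
    getCustomer("bob", { customer: "1002" }).status,                   // authorised user
  ];
}
console.log(demo()); // [200, 403, 403, 200]
```

The decision depends only on the server-side session and the stored record, so hiding a field or filtering a list in the UI5 view adds nothing to it.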


  • Posted on Feb 11, 2014 at 12:01 PM

    Hi Saktivel,

    I think it is very important:

    - Avoid hardcoding users & passwords in service calls in JS code. Avoid storing user & password cookies in mobile scenarios. Use single sign-on or logon token mechanisms (with a validity period) in order to store a user cookie. When the token expires, your app must ask for logon credentials again.

    - Use https to encode transport data.

    - If you use cookies or a local browser database, try not to store unsafe data like employee personal data or similar. If you need to store this, encode it.

    - Don't publish your services without credentials (public).

    - Don't publish your backend to the Internet without a Web Proxy in front. You could expose your backend to DoS (denial of service) attacks, for example. It is better that your web proxy falls instead of your backend.

    Cheers


  • Posted on Feb 11, 2014 at 07:53 AM

    Hi,

    You can refer to this thread as well as the UI5 documentation: Documentation/AdvancedTopics/SecurityGuide – SAPUI5 Wiki (TIP CORE User Interface)

    I guess this covers all security aspects while developing a UI5 app.

    Regards,

    Chandra
