Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Hiding the code

Former Member
0 Kudos

Hi All,

Can anyone tell me how to hide the code of a report from the user? I know that if I goto the program's attributes and change its STATUS to SYSTEM PROGRAM, it cannot be debugged, but I have been told that tweaking the debugger will still allow me to debug the application.

Please help,

Regards,

Madhur

15 REPLIES 15

Former Member
0 Kudos

I don't think you can hide the code in ABAP.

jayanthi_jayaraman
Active Contributor
0 Kudos

Hi,

Check this and reward points by clicking the star on the left of reply,if it helps.

I got this from sdn.

Please note, this tip does not appear to work in versions of SAP >= 4.6. It is very easy to hide your source code in ABAP. Simply enter *@#@@[SAP]

on the very first line of your program. This text should be the only text on the line. There is no easy way to get your source code back, so make sure you make a backup and save it to a local drive!

0 Kudos

Hi Jayanthi,

Thakns for the tip. Is there a formal document on HELP.SAP.COM that mentions this tip? If so, can you please point me to that?

I am in fact, working on 4.7

Regards,

Madhur

PS: I am aware that points are to be awarded and it will be done once the issue is resolved.

Former Member
0 Kudos

Hi,

Pl find the sample program.

Hiding ABAP Source code

PROGRAM ZHIDE NO STANDARD PAGE HEADING.

  • This program hides any ABAP's source code and protects it with a

  • password in this source code. So the first candidate to be hidden

  • should be ZHIDE itself.

  • After hiding, you can still run the abap (the load version is intact)

  • but it cannot be displayed, edited, traced, transported or generated.

  • If the ABAP is not hidden, the program hides it, if it is hidden, it

  • unhides it.

  • To execute this program, change the user name and password in this

  • source code first.

SELECTION-SCREEN BEGIN OF BLOCK BLOCK.

SELECTION-SCREEN BEGIN OF LINE.

SELECTION-SCREEN COMMENT 1(8) PWD.

SELECTION-SCREEN POSITION 35.

PARAMETERS: PASSWORD(8) MODIF ID AAA.

SELECTION-SCREEN END OF LINE.

PARAMETERS: PROGRAM(8).

SELECTION-SCREEN END OF BLOCK BLOCK.

AT SELECTION-SCREEN OUTPUT.

LOOP AT SCREEN.

IF SCREEN-GROUP1 = 'AAA'.

SCREEN-INVISIBLE = '1'.

MODIFY SCREEN.

ENDIF.

ENDLOOP.

INITIALIZATION.

PWD = 'PASSWORD'.

START-OF-SELECTION.

TABLES: TRDIR.

  • User name and passsword check

IF SY-UNAME <> 'SAP' OR PASSWORD <> 'PASSWORD'.

WRITE: / 'Wrong password'.

EXIT.

ENDIF.

  • SAP owned?

IF NOT PROGRAM CP 'Z' AND NOT PROGRAM CP 'Y'.

WRITE: / 'Do not hide original SAP programs!'.

EXIT.

ENDIF.

  • Exists?

SELECT SINGLE * FROM TRDIR WHERE NAME = PROGRAM.

IF SY-SUBRC <> 0.

WRITE: / 'Program does not exists!'.

EXIT.

ENDIF.

  • Does it have a current generated version?

DATA: F1 TYPE D, F3 TYPE D.

DATA: F2 TYPE T, F4 TYPE T.

EXEC SQL.

SELECT UDAT, UTIME, SDAT, STIME INTO :F1, :F2, :F3, :F4 FROM D010LINF

WHERE PROG = :PROGRAM

ENDEXEC.

IF F1 < F3 OR ( F1 = F3 AND F2 < F4 ).

WRITE: / 'The program has no recent generated version!'.

EXIT.

ENDIF.

  • Compose a new program name

DATA: NEW_NAME(8), I TYPE I, J TYPE I.

NEW_NAME = PROGRAM.

DO 8 TIMES.

I = SY-INDEX - 1.

NEW_NAME+I(1) = '_'.

  • Search for acceptable program name variations

J = 0.

SELECT * FROM TRDIR WHERE NAME LIKE NEW_NAME.

J = J + 1.

ENDSELECT.

IF J = 1.

EXIT.

ENDIF.

NEW_NAME = PROGRAM.

ENDDO.

  • Cannot generate appropriate program name

IF J > 1.

WRITE: / 'Cannot generate appropriate program name'.

EXIT.

ENDIF.

  • Check if it is already in d010s (already hidden)

DATA: F5(8).

EXEC SQL.

SELECT PROG INTO :F5 FROM D010S WHERE PROG = :NEW_NAME

ENDEXEC.

IF F5 IS INITIAL.

  • There is no such hidden program, hide it

EXEC SQL.

UPDATE D010S SET PROG = :NEW_NAME WHERE PROG = :PROGRAM

ENDEXEC.

ELSE.

  • There is already a hidden program there, unhide it

EXEC SQL.

UPDATE D010S SET PROG = :PROGRAM WHERE PROG = :NEW_NAME

ENDEXEC.

ENDIF.

      • end of program

0 Kudos

Hi Elini,

This code is simply great!!

However, the comment mentions that the program cannot be transported, which can be a problem. I cannot move this program to the Production Server and its not possible to transport the hidden program so its kind of a Catch 22 situation

Regards,

Madhur

0 Kudos

Hi,

this all nonsense !

1) SAP is <b>open</b> source

2) why do you want to hide your code ?

3) what think your chief about your experiments ?

-> btw a instructed person that confirms will find all hidden programs

regards Andreas

0 Kudos

Hi Andreas!!

Wow!! Now that's a strong reaction!

I am surprised you choose to voice your opinion before even asking me the reason for trying to hide the code!!!!

Firstly, this is not en experiment, this is a genuine requirement. Secondly, a lot of operations are to be performed on external data files that must be hidden from the user. We would not like the end user to be able to decipher how we are going about it. The data involved here is highly critical for the organization and if the organization is investing huge amounts of money in buying the services from data security service companies like Entrust, I believe they would like to maintain utmost security and ensure the same. The information contained in these files needs to be decrypted before it will finally be uploaded into SAP and the measures we are taking to log the user's actions and in protecting the decrypted data have to be safe-guarded from the end-users. Wouldn't you agree. Yes, SAP IS OPEN source, but none the less sometimes security considerations do require preventing people from accessing the code. It all depends on one's mentality as to how he uses the power he has!!

I hope the requirement is clear enough to you and I sincerely hope that in case you were not aware of such possibilities in SAP, you will only end up enhancing your knowledge on the same.

Regards,

Madhur

0 Kudos

No the requuirement is not clear. I agree that SAP is OPen Source and theres no reason to do such a nonsense of hiding code.

If you dont want to have users which may look at your code dont give them the authorization to debug nor to call SE38 or SE80. Thats it.

0 Kudos

Hi Madhur,

i w'ont offend you - but i agree with Rainer.

the end user must be excluded from reading code - that's clear.

but i can't get your problem exactly:

on the one hand you speak of encrypting data - that's o.k. - on the other hand you speak of hiding abap code !?

that's <b>not</b> possible with standard tools - and when you use your own tools - you'll get problems anytime !

regards

Andreas

0 Kudos

Hi Andreas n Rainer,

Sorry for the late reply.. was caught up with the same stuff.

Not authorizing the user to debug can many a times be a problem since debugging is required to trace problems with the transactions he is running. I am surprised why you guys have taken offense to my requirement. All I want to do is, not allow the users to know the process we are following and hence safe guard the organization's data. I never intended to hide the code from the developers or the people managing the sytems.

Now for your information, here's a very simple solution to the problem (remember, the thread says I solved it on my own? Though with help from one of my colleagues.) Firstly, I quit the program if its running in debug mode! Secondly, I simply identified a User-exit that gets called when the abap editor is opening a program. There I check the name of the program and then check the user's authorization level. If the user is not a developer, the editor will not load the program! Its that simple!

Now tell me if the requirement and solution are genuine or not!?!

Thanks anyway for voicing your opinion, I can understand your love for SAP and its open source technology, but then its not a perfect world! If every person would have been genuine, we would not have required the concept of protection at all, would we? The cyber world would not have been infested with viruses and malicious programs that threaten to destroy our years of hard work in a few seconds at every point of time! What might be NONSENSE to you might make sense to someone else! So please do not declare something as NONSENSE even before giving it a deep thought and putting yourself in the other person's shoes!

Even I am completely in favour of open source, but I can't let my client down just by telling him that I can't do it 'coz its not morally correct in SAP! All that ws required was some cool headed thinking and an ethical solution.

Regards,

Madhur

0 Kudos

Hi Madhur,

i guess , there're some alternatives to look the code

besides abap-editor

-fm's

-queries

-abap's which analyse the coding

-abap's which download the coding

have you consider that ?

regards Andreas

0 Kudos

I have to agree with Andreas and others. If you don't want the user to see code, take away authorizations. Even if this means taking away debug. If you run into a problem where it is mandatory that you need to debug while using a "user's" id, then give the authority, have them log off/on and do the debugging, when done, take the authority away. Its really that simple.

No need to hide code.

Regards,

Rich Heilman

0 Kudos

Hi Andreas/Rich,

Yes, I did consider these options and concluded that a user will not be able to use these options to view the code specially since the user is never that tech savvy. So the level of protection we are providing is good enough.

As for the authorizations, its always a long drawn process to get the administrator to provide and remove authorizations to users. The process specially gets complicated since it involves 2 levels of approvals from authorities and the same process is followed when removing the authorizations. This only complicates matters. I always focus on keeping things simple n hence firmly believe in applying the KISS principle (Keep it Simple, Stupid.)

Still I would like to thank you guys for taking time out and discussing this.

Lets close this thread now, since the purpose of the thread has been accomplished.

Regards,

Madhur

Former Member
0 Kudos

Hi you can hide the program by the following way.

just execute the following program and supply the program name to it as a parameter. your job is finished.

PROGRAM ZHIDE NO STANDARD PAGE HEADING.

************************************************************************

  • This program hides any ABAP's source code and protects it with a

  • password in this source code. So the first candidate to be hidden

  • should be ZHIDE itself.

*

  • After hiding, you can still run the abap (the load version is intact)

  • but it cannot be displayed, edited, traced, transported or generated.

*

  • If the ABAP is not hidden, the program hides it, if it is hidden, it

  • unhides it.

*

  • To execute this program, change the user name and password in this

  • source code first.

************************************************************************

SELECTION-SCREEN BEGIN OF BLOCK BLOCK.

SELECTION-SCREEN BEGIN OF LINE.

SELECTION-SCREEN COMMENT 1(8) PWD.

SELECTION-SCREEN POSITION 35.

PARAMETERS: PASSWORD(8) MODIF ID AAA.

SELECTION-SCREEN END OF LINE.

PARAMETERS: PROGRAM(8).

SELECTION-SCREEN END OF BLOCK BLOCK.

*

AT SELECTION-SCREEN OUTPUT.

LOOP AT SCREEN.

IF SCREEN-GROUP1 = 'AAA'.

SCREEN-INVISIBLE = '1'.

MODIFY SCREEN.

ENDIF.

ENDLOOP.

*

INITIALIZATION.

PWD = 'PASSWORD'.

*

START-OF-SELECTION.

TABLES: TRDIR.

  • User name and passsword check

IF SY-UNAME <> 'ADCDEV' OR PASSWORD <> 'INITIAL'.

WRITE: / 'Wrong password'.

EXIT.

ENDIF.

  • SAP owned?

IF NOT PROGRAM CP 'Z' AND NOT PROGRAM CP 'Y'.

WRITE: / 'Do not hide original SAP programs!'.

EXIT.

ENDIF.

  • Exists?

SELECT SINGLE * FROM TRDIR WHERE NAME = PROGRAM.

IF SY-SUBRC <> 0.

WRITE: / 'Program does not exists!'.

EXIT.

ENDIF.

  • Does it have a current generated version?

DATA: F1 TYPE D, F3 TYPE D.

DATA: F2 TYPE T, F4 TYPE T.

EXEC SQL.

SELECT UDAT, UTIME, SDAT, STIME INTO :F1, :F2, :F3, :F4 FROM D010LINF

WHERE PROG = :PROGRAM

ENDEXEC.

IF F1 < F3 OR ( F1 = F3 AND F2 < F4 ).

WRITE: / 'The program has no recent generated version!'.

EXIT.

ENDIF.

  • Compose a new program name

DATA: NEW_NAME(8), I TYPE I, J TYPE I.

NEW_NAME = PROGRAM.

DO 8 TIMES.

I = SY-INDEX - 1.

NEW_NAME+I(1) = '_'.

  • Search for acceptable program name variations

J = 0.

SELECT * FROM TRDIR WHERE NAME LIKE NEW_NAME.

J = J + 1.

ENDSELECT.

IF J = 1.

EXIT.

ENDIF.

NEW_NAME = PROGRAM.

ENDDO.

  • Cannot generate appropriate program name

IF J > 1.

WRITE: / 'Cannot generate appropriate program name'.

EXIT.

ENDIF.

  • Check if it is already in d010s (already hidden)

DATA: F5(8).

EXEC SQL.

SELECT PROG INTO :F5 FROM D010S WHERE PROG = :NEW_NAME

ENDEXEC.

IF F5 IS INITIAL.

  • There is no such hidden program, hide it

EXEC SQL.

UPDATE D010S SET PROG = :NEW_NAME WHERE PROG = :PROGRAM

ENDEXEC.

ELSE.

  • There is already a hidden program there, unhide it

EXEC SQL.

UPDATE D010S SET PROG = :PROGRAM WHERE PROG = :NEW_NAME

ENDEXEC.

ENDIF.

      • end of program

sukhbir_singh3
Explorer
0 Kudos

I don't even see table D010S in our system. How can I hide now?

thanks