Personas 2.0&3.0: how to secure the WebRFC call used by Personas?

Former Member
0 Kudos

Hi Personas experts,

As we see, one can implement a function module (e.g., based on a user name, to return the initial as JSON) that can be called by Personas WebRFC.

My question is: would it be possible for such a function module to be called by any application from outside the company's network? If so, how can such a risk be prevented? The "Whitelist", in my understanding, is to prevent the Personas apps from calling arbitrary URLs. But can it be used to block RFC calls from the outside world?

Thanks a lot in advance!

Dong Zhu

Accepted Solutions (1)

steverumsby
Active Contributor
0 Kudos

You still have to log in to the backend system when calling a WebRFC, so it isn't completely open. You don't notice this normally, because once you log in to get access to Personas initially, the same login cookie works for the WebRFC call also. Try calling a WebRFC URL from a clean browser environment and you'll see - you'll be prompted to log in first.

Aside from that you'll need to think about firewall protection if you want to prevent any access at all from outside your company network. How are your SAP systems normally protected? Are they accessible from outside?

Steve.
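
The clean-browser check described in the answer above can be repeated from a script. This is an added example, not code from the thread or from SAP: the caller supplies the WebRFC URL, and the three response shapes it recognises (a 401/403, a logon form, or JSON data) are assumptions about how the system answers an anonymous request.

```python
import json
import re
import urllib.error
import urllib.request


def classify(status, body):
    """Classify the reply to a request sent with no cookie and no credentials."""
    if status in (401, 403):
        return "auth_required"            # server refused the anonymous call
    if status == 200:
        if re.search(rb"type\s*=\s*[\"']?password", body, re.I):
            return "auth_required"        # a logon form came back, not data
        try:
            data = json.loads(body)
        except ValueError:
            return "inconclusive"
        if isinstance(data, (dict, list)):
            return "anonymous_data"       # function module output served without login
    return "inconclusive"


def probe(url, timeout=10):
    """Fetch url from a clean session: the default opener sends no cookies."""
    opener = urllib.request.build_opener()
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify(err.code, err.read())


# Constructed sample responses (not captured from a real system).
SAMPLES = {
    "basic-auth challenge": (401, b""),
    "logon page": (200, b'<form><input type="password" name="pw"></form>'),
    "json without login": (200, b'{"initials": "DZ"}'),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: {classify(status, body)}")
```

Run `probe()` against your own WebRFC URL once from inside the network and once from a host outside it. From outside, `auth_required` or a connection failure (raised as `URLError` when the firewall blocks the port) is the expected outcome; `anonymous_data` means the function module is answering without a login.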

Former Member
0 Kudos

Hi Steve,

Thanks for the reply. It indeed works as you said. We are using it from inside the company network; here I just want to make sure that there is no other security issue if someone wants to access it from the outside world.

Dong Zhu

Answers (0)