Solved: BI Platform Support Tool Issue: question regarding...

joshua_kuhn · ‎12-15-2015

<posted on behalf of customer>

Alert Summary -> System Alerts -> webapplicationservers.protocolprops.compression

As far as I know enabling compression is controversial, at least for HTTPS. Please see CRIME for details.

Is it recommended by SAP to enable compression also for HTTPS, despite the risks?

Otherwise the corresponding check should be adapted to reflect this.

joshua_kuhn · ‎12-15-2015

Alert Summary -> System Alerts -> webapplicationservers.protocolprops.compression

I created a JIRA ticket to review this one. ( BITBITOOL-748 ) We'll work with the internal SAP team that supports the various application servers to get their thoughts on this. But its quite possible, as you mentioned, we just need to add an SSL check during the evaluation of this alert.

Toby_Johnston · ‎02-03-2016

Hi Mortiz,

I haven't forgotten about this. I'm waiting for an official statement from the BI product team regarding CRIME and BREACH exploits. I'll post back again as soon as possible.

Thanks

Toby

Toby_Johnston · ‎01-04-2016

I am checking on this with our security team and will follow up asap

BI Platform Support Tool Issue: question regarding validity of WebApplication System Alert (webapplicationservers.protocolprops.compression)

Accepted Solutions (1)

Accepted Solutions (1)

Answers (2)

Answers (2)

Mass processing direct activation steps

Re: SAP Build Apps - How to do Data Refresh for Ma...

Re: How to show custom Data in a Fiori App (RAP)

Re: CF Deployment Error: Error getting tenant t0

FIS Invoice Approval Error in Fiori