Skip to Content
0
Apr 05, 2016 at 09:20 AM

Portal Add to Browser Favorites - security risk?

50 Views

Hi All,

If I add a portal iview/page as a browser favorite in one system, it's saved with a navigation short url in the browser favorite.

Now, if I change the portal url to another system and access the favorite, I can still get to that iview/page though the role is not assigned to me in UM.

Something like this:

https://xxxx/irj/portal?NavigationTarget=navurl://cae686e04ffd1457bbf749d64f9bcc5d&sapDocumentRenderingMod…

It looks like a security risk to me.

Is it possible to prevent this? Short urls cannot be disabled now, because users have already been using this feature.

Any ideas/solutions/workarounds are appreciated.

Thanks in advance,

Raj