Skip to Content

Portal Add to Browser Favorites - security risk?

Hi All,

If I add a portal iview/page as a browser favorite in one system, it's saved with a navigation short url in the browser favorite.

Now, if I change the portal url to another system and access the favorite, I can still get to that iview/page though the role is not assigned to me in UM.

Something like this:

https://xxxx/irj/portal?NavigationTarget=navurl://cae686e04ffd1457bbf749d64f9bcc5d&sapDocumentRenderingMod…

It looks like a security risk to me.

Is it possible to prevent this? Short urls cannot be disabled now, because users have already been using this feature.

Any ideas/solutions/workarounds are appreciated.

Thanks in advance,

Raj

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Apr 05, 2016 at 12:55 PM

    Hi Raj,

    I have tested it on the same system with different users and the issue doesn't reproduce.

    Make sure that you have logged off of all sessions in your browser.

    BR,

    Saar

    Add comment
    10|10000 characters needed characters exceeded