cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Protected web methods of sapstartsrv - Parameter ALL

sonnenschein
Discoverer

on ‎01-29-2020 11:29 AM

0 Kudos

Dear community,

I hope I placed my question correctly. If not thank you in advance for your patience and consideration.

I am currently doing some initial research with respect to the parameter service/protectedwebmethods securing the protected web methods of the sapstartsrv. The goal is to determine the differences once the parameter is set to DEFAULT, SDEFAULT and ALL and what risks exist if, e.g., method A is not protected. What I do have is the information about the value DEFAULT and SDEFAULT (source).I would appreciate if anyone could tell me where to look those up or get a list of available methods! Please note that I'm neither a developer nor an administrator, but a consultant. Thus, I have no access rights / privilege on an operating system base.

Thank you in advance!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

ImtiazKaredia
Active Contributor
‎01-29-2020 6:19 PM

Check below wiki.

https://wiki.scn.sap.com/wiki/display/SI/Protected+web+methods+of+sapstartsrv

Show replies
Show replies
kaus19d
Active Contributor
‎02-03-2020 9:28 PM
0 Kudos

Hi sonnenschein,

The details are already provided in the wiki link. However, to simply explain is DEFAULT is non-secure like how we use HTTP & HTTPs protocol for webservices, so S in SDEFAULT stands for Secure. So the use is basically from your prospective, in some cases your some of the applications which is not set for secure or certificate based web-methods call, in that scenario, you can try DEFAULT, so that would mean that you need try both options DEFAULT & SDEFAULT & check which of your needed options are working & which are not. Generally with SDEFAULT also you can take different combinations like below value for the parameter,

service/protectedwebmethods = SDEFAULT -J2EEGetProcessList -ReadLogFile -ListLogFiles -GetAlertTree -GetVersionInfo -ParameterValue -GetAccessPointList -PerfRead -MtGetTidByName

Thanks,

Kaushik

Show replies
Show replies
isaias_freitas
Advisor
Advisor
‎02-03-2020 4:45 PM
0 Kudos

Hello Maren,

I see that you would not have access to the OS level.

However, to get a list of all methods available, you could run "sapcontrol" without any arguments and the list will be presented.

The wiki page you found has an example of how to verify which method is currently protected, so one could set the parameter "service/protectedwebmethods" to "DEFAULT", see what is protected by it, then change the parameter to "SDEFAULT" and compare with the previous output to see the difference.
Although this procedure might give you some work, it shows what methods are protecetd when using each value at your current SAP kernel release / patch level, so it is the most accurate.

The value "ALL" means that all methods are protected.

Regards,

Isaías

Show replies
Show replies
sonnenschein
Discoverer
‎01-30-2020 9:19 AM
0 Kudos

Thanks for your answer. Unfortunately, this is the link that I already got as a source. As far as I understand the commands at the bottom (sapcontrol), access to the OS is required. Isn't there just kind of list of all methods provided?

Show replies
Show replies
warren_angerstein3
Active Participant
‎02-03-2020 9:02 PM
0 Kudos

Run it through SAP program RSBDCOS0 giving the full path to the sapcontrol

Ask a Question