on 01-29-2020 11:29 AM
Dear community,
I hope I placed my question correctly. If not, thank you in advance for your patience and consideration.
I am currently doing some initial research with respect to the parameter service/protectedwebmethods securing the protected web methods of the sapstartsrv. The goal is to determine the differences once the parameter is set to DEFAULT, SDEFAULT and ALL and what risks exist if, e.g., method A is not protected. What I do have is the information about the value DEFAULT and SDEFAULT (source). I would appreciate it if anyone could tell me where to look those up or get a list of available methods! Please note that I'm neither a developer nor an administrator, but a consultant. Thus, I have no access rights / privilege on an operating system base.
Thank you in advance!
Hi sonnenschein,
The details are already provided in the wiki link. However, to explain simply, DEFAULT is non-secure, like how we use the HTTP & HTTPS protocols for web services, so the S in SDEFAULT stands for Secure. So the use basically depends on your perspective: in some cases some of your applications are not set up for secure or certificate-based web-method calls, and in that scenario you can try DEFAULT. That would mean that you need to try both options, DEFAULT & SDEFAULT, & check which of your needed options are working & which are not. Generally with SDEFAULT you can also take different combinations, like the value below for the parameter:
service/protectedwebmethods = SDEFAULT -J2EEGetProcessList -ReadLogFile -ListLogFiles -GetAlertTree -GetVersionInfo -ParameterValue -GetAccessPointList -PerfRead -MtGetTidByName
Thanks,
Kaushik
Hello Maren,
I see that you would not have access to the OS level.
However, to get a list of all methods available, you could run "sapcontrol" without any arguments and the list will be presented.
The wiki page you found has an example of how to verify which method is currently protected, so one could set the parameter "service/protectedwebmethods" to "DEFAULT", see what is protected by it, then change the parameter to "SDEFAULT" and compare with the previous output to see the difference.
Although this procedure might give you some work, it shows what methods are protected when using each value at your current SAP kernel release / patch level, so it is the most accurate.
The value "ALL" means that all methods are protected.
Regards,
Isaías
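Added example, not part of the original posts or of SAP's tooling: a small reviewer aid that evaluates a service/protectedwebmethods value such as the one quoted above against method lists captured with the comparison procedure Isaías describes. The base sets in it are constructed sample data, not SAP's real DEFAULT/SDEFAULT contents, the function names are hypothetical, and the "+" prefix is handled in addition to the "-" prefix shown on this page.

```python
# Constructed sample data: replace with the lists captured from your own
# system under each setting. These are NOT SAP's real DEFAULT/SDEFAULT sets.
PAGE_METHODS = {"J2EEGetProcessList", "ReadLogFile", "ListLogFiles",
                "GetAlertTree", "GetVersionInfo", "ParameterValue",
                "GetAccessPointList", "PerfRead", "MtGetTidByName"}
SAMPLE_BASE_SETS = {
    "ALL": PAGE_METHODS | {"Start", "Stop"},
    "SDEFAULT": {"Start", "Stop", "J2EEGetProcessList", "ReadLogFile",
                 "ListLogFiles", "ParameterValue"},
    "DEFAULT": {"Start", "Stop"},
}


def parse_value(value):
    """Split 'BASE -MethodA +MethodB' into (base, added, removed)."""
    tokens = value.split()
    if not tokens:
        raise ValueError("empty parameter value")
    base, added, removed = tokens[0].upper(), set(), set()
    for tok in tokens[1:]:
        if len(tok) > 1 and tok[0] == "-":
            removed.add(tok[1:])
        elif len(tok) > 1 and tok[0] == "+":
            added.add(tok[1:])
        else:
            raise ValueError(f"override without +/- prefix: {tok!r}")
    return base, added, removed


def review(value, base_sets):
    """Return the effective protected set plus findings for a reviewer."""
    base, added, removed = parse_value(value)
    if base not in base_sets:
        raise ValueError(f"no captured method list for base {base!r}")
    known = set().union(*base_sets.values())
    return {
        "protected": (base_sets[base] | added) - removed,
        # Protected by the base keyword, then exposed again by a "-" override.
        "exposed_by_override": sorted(base_sets[base] & removed),
        # "-" overrides for methods the base keyword did not protect anyway.
        "no_effect": sorted((removed - base_sets[base]) & known),
        # Names absent from every captured list: check for typos.
        "unknown": sorted((added | removed) - known),
    }
```

The "exposed_by_override" list is the part to risk-assess: each entry is a method that can be called without authentication although the base keyword alone would have protected it.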
Thanks for your answer. Unfortunately, this is the link that I already got as a source. As far as I understand the commands at the bottom (sapcontrol), access to the OS is required. Isn't there just some kind of list of all methods provided?