Skip to Content
author's profile photo
Former Member

LAC Link Security

Hi All!

We are implementing LAC for vendors which connect through the internet.

When starting the applet for LAC, the link is like this:

https://himalia.afip.gov.ar/srm/appletInvoker?

auctionID=47049C25EE095AC6E10000000A1ECD92&sapClient=300&userID=20202009736&userType=initiator&language=ES&auctionDetailsURL=10.30.205.146:8002BBP_AUC_SRM_EX/!?

AUC_GUID=47049C25EE095AC6E10000000A1ECD92&addSession=1&client=300&language=es&accessibility=0

Some fo the information on this link, as auctionDetailsURL, may be

sensitive to security issues and we want to know what is the pourpose /

description of each parameter.

Also, is there anyway to make that information invisible to the user in

order to avoid security issues?

Thanks

Gabriel

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • author's profile photo
    Former Member
    Oct 11, 2007 at 05:19 PM
    Add comment
    10|10000 characters needed characters exceeded

  • author's profile photo
    Former Member
    Oct 12, 2007 at 09:14 AM

    Hi,

    <b>You can use previous LAC 2.0 instguide.</b>

    service.sap.com/instguides -> mySAP Business Suite Apps -> mySAP SRM -> SRM 5.0 -> Installation Guide: Live Auction Cockpit 2.0

    <b>Related links -></b>

    lac-landscape

    problem-configuration-lac-10

    Do let me know.

    Regards

    - Atul

    Add comment
    10|10000 characters needed characters exceeded

  • author's profile photo
    Former Member
    Oct 12, 2007 at 12:51 PM

    I have been able to change the auctionDetailsURL parameter through the PPOMA_BBP and PPOMV_BBP ITS_DEST and EXT_DEST attributes. So now, that parameter is showing a URL I can modify.

    That was one of the most threatening parameters. Despite of that, I still think those parameters sheould not be send visible to the general pubic.

    Thanks all!!

    Gabriel

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi

      <u><b>Please try these SAP OSS Notes -></b></u>

      Note 1008524 - last minute installation, upgrade and patch info for LAC 6.0

      Note 903441 System Copy of SAP Web AS 6.40 and 7.00 J2EE with LAC-WPS

      Note 860625 - LACWPS 2.0 Auction Details and Help links do not work

      Note 791053 Auction Details Link and Help Link in LAC do not work

      <b>Related Notes -></b>

      Note 870863 - Hom./Het.System Copy SAP NetWeaver 2004s

      Note 785848 - Hom./Het.System Copy SAP Web AS 6.40 SR1 Java

      Note 701205 - Single Sign-On using SAP Logon Tickets

      <b>Hope this will help. Do let me know.</b>

      Regards

      - Atul