Skip to Content
0

Sapgui 7.50 - Is it possible to save passwords in Logon shortcuts?

Sep 15, 2017 at 07:21 AM

1.1k

avatar image

Hello,

I just tried Gui 7.50 - PL2 - it seems that registry entry
HKEY_CURRENT_USER\Software\SAP\SAPShortcut\Security
doesn't work any more. Is there an alternative possibility to save passwords?

Thanks.
Frank

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

5 Answers

Jude Bradley
Sep 15, 2017 at 09:43 AM
1

Sorry, but this is most definitely not a good idea.

the passwords are saved in plain-text and this is a definite security risk.


See note

146173 - SAPShortcut: Saving password in SAPShortcut - not recommended

Regards,

Jude

Share
10 |10000 characters needed characters left characters exceeded
Frank Stenglein Sep 15, 2017 at 10:25 AM
1

Ok. Then it would be good if in future there would be a secure possibility to a save passwords within Saplogon 7.50 (without using SSO). Meanwhile I keep using 7.40.

Regards,

Frank

Share
10 |10000 characters needed characters left characters exceeded
Marius Piedallu van Wyk Jan 04 at 03:11 PM
0

It is sad to see that SAP has not embraced keychains etc. to solve this problem, instead promoting insecurity via password fatigue.

https://en.wikipedia.org/wiki/Password_fatigue

On Mac there is the keychain, and in windows there is similar ways to encrypt passwords using the user's system logon password.

Also most of my filesystems are full-disk encrypted.

I'm sure there are ways to have done this securely...

Share
10 |10000 characters needed characters left characters exceeded
Frank Stenglein Mar 09 at 12:47 PM
0

Great! Thanks Nelis!

Share
10 |10000 characters needed characters left characters exceeded
Nelis Lamprecht Mar 09 at 12:33 PM
0

It would be great if SAP allowed you to store passwords in the SAP Logon Pad, encrypted of course. Then simply give the option to provide a single password to access all your connection entries(like a password manager).

For now though I just use the freely available KeePass - create separate entries for all my SAP systems adding the username and password in the fields provided and then use the following example string in the URL field:

cmd://sapshcut -max -guiparm="hostname.com 00" -system=DEV -client=001 -user={USERNAME} -pw={PASSWORD}

When you click on the entry for your SAP system it executes the above string replacing username and password placeholders with your credentials automatically. This information is all encrypted of course and accessible with a single master password. Saves me having to enter my password each time.

Share
10 |10000 characters needed characters left characters exceeded