Skip to Content

Interest for a lessons learned information page?

Hi all.

I just want to know if there is any interest in a lessons learned information in the wiki pages.

Idea is to enlighten security minded persons of some of the security holes there are in the system.

However, there is a backside to it and that is that the security holes can be used by evilminded persons.

So. Shall we start this wiki-page in order to help each other with security holes, or is the risk to high?

Comments are welcome!



Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Jun 11, 2008 at 12:58 PM

    Which holes? Where? 😊

    I for one would welcome a "lesson's learnt" contribution to help with some "booby-traps" and also some "tips and tricks" for improving security; and making interested folks more aware of some common and some special things to know.

    First, perhaps you should decide whether you want to blog or wiki (see /people/community.user/blog/2008/05/26/blog-this-or-wiki-it).Something which you consider to be a security trap, might be a security design feature for someone else.

    Of course, if it is a bug somewhere which SAP has not provided a fix for yet, then this is not the ideal place to document it... (though there are worse places).



    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jun 11, 2008 at 08:04 PM

    Hi Fredrik and others,

    As you have not clearly distinguished between "backdoors" and "pitfalls" is security design, I would be interested in your and any other's ideas on a "Challenge of the (yester)Day" sticky thread.

    I have read all threads in this forum and there are some really interesting and challenging ones which remain unanswered (at least, from the poster's point of possibly absent view).

    Upfront in the threads listed chronologically (by date) I will add the following comment:

    "Only informed answers need respond. Advertizing not allowed.".

    That way we can "bounce" high quality questions to the top of the forum... and of course suggestions of threads to add are more than wlecome, and these threads would be more actively moderated for content than others (which will make my "job" easier)?

    Any thoughts?


    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Fredrik Borlie

      I pointed this out to some of the other moderators.

      First of all, there are already SAP Security Guides available for specific focus areas (see SAP note 39267), however these are not publicly editable.

      Here at SDN, probably the wiki is the best place for this, however there is no possibility to have threaded comments on changes and it would need to be managed somehow. On the other, that which is a guideline or standard for one person or company, might not match the design or strategy of another - and wikis are not ideal for documenting disagreements 😊

      Lets see whether there are any other ideas.



Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.