cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Temporary Internet Files - security Risk in portal?

Go to solution
Former Member

on ‎04-06-2009 9:47 AM

0 Kudos

Hi Experts,

I have uploaded a word document in to my personal documents folder, then i tried to open it and it automatically created a copy of the file in the temporary folder. I logged off , but still the document remains in the temp folder.

How do we fix this problem? it is a huge security risk for the portal users as someone can easily take the confidential information from the temp folder. Implementing as SSL portal (https) will only solve this problem?

Please let me know how to solve this issue.

Thanks,

Vijay

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

detlev_beutner
Active Contributor
‎04-06-2009 10:23 AM
0 Kudos

Hi Vijay,

In general, the issue you have described is nothing special concerning the portal. Downloading files normally lead to a saved copy of the content in the IE (disc) cache.

If using SSL, then you could activate the setting "DisableCachingOfSSLPages" (the IE menu text must be slightly different, but this is the name of the corresponding key in the registry). The prevents saving SSL content on the disc - but: This also normally leads to not being able to open files afterwards, as opening such a downloaded file needs a physical copy of the file!

But as said, this is not an issue due to SAP NW Portal, but it is a general "issue" (if your really think this is an issue) when downloading files via the browser. The user is still able to clear the cache manually afterwards.

Best regards

Detlev

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎04-24-2009 12:00 PM
0 Kudos

Hi,

we had the same problem. The payroll shown in ESS was stored in temporary internet files on local system of the user. This was a security issue for us.

We customized our portal to be able to do https (SSL). Then we mark some iview´s (etc.) to do https and use the secure method.

Now we can enter the whole portal via http and if a user wants to show content that is critical, it is opened via https.

Note:

1.You must set the value mentioned above in the users internet browser

2. This is only practicable with "READ-Only"-stuff because otherwise the portal wants to set a table lock and this doesn´t work because of the protocol change from http to https and back! In other cases you must have the whole portal secured by SSL!

Show replies
Show replies
Former Member
‎06-26-2009 11:45 AM
0 Kudos

has your issue got resolved ? If yes can you share?

Ask a Question