Skip to Content
0
Former Member
Apr 24, 2009 at 07:47 PM

Note 1167258 - Security note: Program RS_REPAIR_SOURCE

607 Views

After implementing this note I still have some questions and doubts:

1. what is the purpose of this program, what is the context of its use in a development or other environment as it provides a serious backdoor to the ABAP system ?

2. wouldn't be appropriate to check if the user has developer key (entry in table DEVACCESS) on top of the S_DEVELOP authorization ?

3. even if the note is implemented, in a development environment it is possible to easily change its own code wiping out the effects of the checks implemented by the note

All in all I think you don't need too much phantasy to imagine scenarios when this could pose serious threats to any system.

Any opinions ?

Thank you,

Miklos