11-28-2011 1:23 AM
Hi experts,
I developed a portal content with WDA, and I create an iView according to this WDA.
I also create a Role which contains this iVIew, and my portal id is assigned to this Role
My portal id is using user mapping to backend IDES ERP system.
When I use firefox to view this iView content with http trace, I see the http header that contains information <sap-user> and <sap-password>, that means I can use this ID/PW to do something.
It might be a security issue if someone also get the ID/PW.
Is there any way to disable these information, or what can I do about this?
Any input is appreciated, many thanks.
Best regards,
Eason
12-08-2011 8:27 AM
Please have a look at SAP note 1521137 - this notes discuss tracing & logging in the Java environment and the security risks related to it. I think this will help you.