Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

http trace

Former Member

‎11-28-2011 1:23 AM

0 Kudos

Hi experts,

I developed a portal content with WDA, and I create an iView according to this WDA.

I also create a Role which contains this iVIew, and my portal id is assigned to this Role

My portal id is using user mapping to backend IDES ERP system.

When I use firefox to view this iView content with http trace, I see the http header that contains information <sap-user> and <sap-password>, that means I can use this ID/PW to do something.

It might be a security issue if someone also get the ID/PW.

Is there any way to disable these information, or what can I do about this?

Any input is appreciated, many thanks.

Best regards,

Eason

1 REPLY 1

Former Member

‎12-08-2011 8:27 AM

0 Kudos

Please have a look at SAP note 1521137 - this notes discuss tracing & logging in the Java environment and the security risks related to it. I think this will help you.