Skip to Content
author's profile photo Former Member
Former Member

http trace

Hi experts,

I developed a portal content with WDA, and I create an iView according to this WDA.

I also create a Role which contains this iVIew, and my portal id is assigned to this Role

My portal id is using user mapping to backend IDES ERP system.

When I use firefox to view this iView content with http trace, I see the http header that contains information <sap-user> and <sap-password>, that means I can use this ID/PW to do something.

It might be a security issue if someone also get the ID/PW.

Is there any way to disable these information, or what can I do about this?

Any input is appreciated, many thanks.

Best regards,

Eason

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Dec 08, 2011 at 08:27 AM

    Please have a look at SAP note 1521137 - this notes discuss tracing & logging in the Java environment and the security risks related to it. I think this will help you.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.