Session time outs & Debugging mode

Former Member
0 Kudos

Hi Experts,

I am an SAP PI developer and I require some information regarding the following points, which are related to NWA.

We had a security review of our SAP PI interfaces, and the review team has suggested some changes at server level for security.

Those are:

1) Lack of insufficient Automatic session expiration

Below are the security team's recommendations about this issue.

Specific scenario:

The application default session timeout is approximately 1 hour or more. A long expiration time increases an attacker's chance of successfully guessing a valid session ID. This type of problem is prominent in case of shared desktops for e.g. desktops present in public library, internet café etc. By not implementing session expiration functionality, users can surf the application and view stored data after a valid user used and left the application unattended.

Recommendations:

Verify that session timeouts are implemented in all sessions, the maximum time should be 30 minutes of inactivity, but we recommend setting this to 20 minutes.

Queries:

1) Where do we need to decrease this session timeout (please provide the specific path if it is available)?

2) How would it affect the SAP PI developers if we change the session timeout?

2) Debug Mode Enabled in Server

Below are the security team's recommendations about this issue.

Specific Scenario:
Web applications frequently generate error conditions during normal operation. These errors must be handled according to a well thought out scheme. Technical details about the application exception are displayed to the users. These error messages disclose information such as Java stack traces.

Recommendations:

Disable debug mode in server

Queries:

1) Where do we need to disable this debugging mode (please provide the specific path if it is available in NWA)?

2) How would it affect the SAP PI developers if we disabled the debugging mode?

Please help me.

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi Experts,

I have found the below paths for the debugging mode.

Please suggest whether these are the correct ways to disable the debugging mode or not.

1) NWA -> Configuration Management -> Infrastructure -> Java System Properties -> usage_type_all_in_one -> VM Environment -> "debuggable" (this parameter is set to "true")

2) NWA -> Operation Management -> Systems -> Start & Stop -> Java EE Instances -> Server0 (in disable debug mode)

ICM & debugproxy are also in disable debug mode.

In the first way we found the debuggable port.

In the second way we found server0 in disable debug mode.

Please explain to me what exactly these two parameters mean.

Thanks & Regards,

mahesh

Former Member
0 Kudos

Hi Jagadish,

Is it possible to provide the session timeout for the web services which are generated by the SAP PI server?

Please let me know whether any such type of configuration is available.
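
An added example, not part of the original thread and not SAP code: a check of the two review findings quoted in the opening post (session timeout of at most 30 minutes with 20 recommended, and stack traces shown to users) against a standard Java EE `web.xml` deployment descriptor. It assumes the web application carries such a descriptor; the thread itself only discusses NWA settings, and the sample descriptors and the function name `audit_web_xml` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MAX_MINUTES = 30          # upper limit stated in the review
RECOMMENDED_MINUTES = 20  # value the review recommends

# Constructed descriptors for illustration (not taken from the thread).
WEAK = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config><session-timeout>60</session-timeout></session-config>
  <error-page><error-code>404</error-code><location>/404.html</location></error-page>
</web-app>"""

HARDENED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config><session-timeout>20</session-timeout></session-config>
  <error-page>
    <exception-type>java.lang.Throwable</exception-type>
    <location>/error.html</location>
  </error-page>
</web-app>"""


def audit_web_xml(xml_text):
    """Return a list of (severity, message) findings for one web.xml."""
    root = ET.fromstring(xml_text)
    # Compare local names so the check works with or without a namespace.
    values = [(el.tag.rsplit("}", 1)[-1], (el.text or "").strip())
              for el in root.iter()]
    findings = []

    timeouts = [v for name, v in values if name == "session-timeout"]
    if not timeouts:
        findings.append(("FAIL", "no session-timeout: container default applies"))
    else:
        minutes = int(timeouts[0])
        if minutes <= 0:  # zero or negative means sessions never expire
            findings.append(("FAIL", "sessions never time out"))
        elif minutes > MAX_MINUTES:
            findings.append(("FAIL", f"timeout {minutes} min exceeds {MAX_MINUTES}"))
        elif minutes > RECOMMENDED_MINUTES:
            findings.append(("WARN", f"timeout {minutes} min above {RECOMMENDED_MINUTES}"))

    # A catch-all error page keeps the container's default error output,
    # which may include a stack trace, away from users.
    catch_all = {("exception-type", "java.lang.Throwable"), ("error-code", "500")}
    if not catch_all & set(values):
        findings.append(("FAIL", "no error-page for java.lang.Throwable or HTTP 500"))
    return findings
```

Run it only on descriptors from your own deployments; a `session-timeout` of zero or less is reported as a failure because the servlet specification treats it as "never expire".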