on 04-05-2012 11:47 AM
Hi Experts,
I am an SAP PI developer. I require some information regarding the following points, which are related to the NWA.
We had a security review of our SAP PI interfaces, so the review team has suggested some changes at server level for security.
Those are:
1) Lack of insufficient Automatic session expiration
Below are the security team's recommendations about this issue.
Specific scenario:
The application default session timeout is approximately 1 hour or more. A long expiration time increases an attacker's chance of successfully guessing a valid session ID. This type of problem is prominent in the case of shared desktops, e.g. desktops present in a public library, internet café, etc. By not implementing session expiration functionality, users can surf the application and view stored data after a valid user used and left the application unattended.
Recommendations:
Verify that session timeouts are implemented in all sessions, the maximum time should be 30 minutes of inactivity, but we recommend setting this to 20 minutes.
Queries:
1) Where do we need to decrease this session timeout (please provide the specific path if it is available)?
2) How would it affect the SAP PI developers if we change the session timeout?
2) Debug Mode Enabled in Server
Below are the security team's recommendations about this issue.
Specific Scenario:
Web applications frequently generate error conditions during normal operation.
These errors must be handled according to a well thought out scheme.
Technical details about the application exception are displayed to the users.
These error messages disclose information such as Java stack traces.
Recommendations:
Disable debug mode in server
Queries:
1) Where do we need to disable this debugging mode (please provide the specific path if it is available in NWA)?
2) How would it affect the SAP PI developers if we disabled the debugging mode?
Please help me.
Hi Experts,
I have found the below paths for the debugging mode.
Please suggest whether these are the correct ways to disable the debugging mode or not.
1) NWA -> Configuration Management -> Infrastructure -> Java System Properties -> usage_type_all_in_one -> VM Environment -> "debuggable" (this parameter is set to "true")
2) NWA -> Operation Management -> Systems -> Start & Stop -> Java EE Instances -> Server0 (in disable debug mode)
ICM & debugproxy are also in disable debug mode.
In the first way we found the debuggable port.
In the second way we found server0 in disable debug mode.
Please explain to me what exactly these two parameters mean.
Thanks & Regards,
mahesh