
Use port 50013 (Management Console) with User/password

Former Member
0 Kudos

Hello,

I have a problem. We had a security audit of our SAP systems. The auditors saw that port 50013 (Management Console) does not have any user/password protection.

Is there a way to put security in front of the information?

Best Regards.

Pablo Mortera.

8 REPLIES 8

arpan_paik
Active Contributor
0 Kudos

This message was moderated.

0 Kudos

Hello Arpan,

That web page only tells me which port I can use (HTTP/HTTPS), but it does not say anything about how to put a user/password on the SAP Management Console at the beginning, before the Java applet appears.

Best Regards.

Pablo Mortera.

0 Kudos

This message was moderated.

mvoros
Active Contributor
0 Kudos

Hi,

What OS do you use? SAP MMC should allow access only to OS users from the application server. Check note 927637. The newer version also allows you to configure an ACL so that logon is possible only from selected IP addresses (more info in note 1439348).

Cheers

Former Member
0 Kudos

Hello,

I use Sun Solaris.

Best Regards.

mvoros
Active Contributor
0 Kudos

So it does not ask for a username and password when you connect from a different computer? You can also try to protect this port with a firewall.

Cheers

former_member432219
Active Participant
0 Kudos

Hi Pablo

The SAP Management Console is a UI (applet) to access the functionality of the sapstartsrv process. This process is used for monitoring and administration of SAP instances and listens on port 5nn13 (or 5nn14 for HTTPS).

It is expected that you can access the UI without authentication, but to carry out administrative functions (which are sapstartsrv web service method calls), such as shutting down an instance, authentication is required.

By default only the most critical of these web service methods require authentication, but the list of protected web methods can be modified. Please see note 927637 for more details.

0 Kudos

Patrick,

What you say is true, however, the ability to look at logs is not password protected by default. It is a frighteningly simple procedure to capture an administrator login, break the hash to get the password, and then log on to the protected functions as an admin.

Your systems will be much more secure if you limit who can access SAPMC at the firewall and by configuring the sapstartsrv process as much as your version allows. As you say, note 927637 is the place to start.
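
Added example (not part of the thread and not SAP's code): a small Python check that reads an instance profile and reports how the sapstartsrv settings discussed above (protected web methods and the IP ACL) are configured. The parameter names `service/protectedwebmethods`, `service/http/acl_file` and `service/https/acl_file` are assumptions taken from SAP's sapstartsrv documentation, not from this thread, so confirm them against notes 927637 and 1439348 for your kernel release; the sample profile is constructed.

```python
# Constructed sample instance profile (not from the thread).
SAMPLE_PROFILE = """\
# instance profile, constructed for illustration
SAPSYSTEMNAME = ABC
SAPSYSTEM = 00
service/protectedwebmethods = SDEFAULT -GetProcessList -ReadLogFile
service/http/acl_file = /usr/sap/ABC/SYS/global/sapstartsrv_acl.txt
"""

# Assumed parameter names and base sets; verify against the SAP notes.
BASE_SETS = {"SDEFAULT", "DEFAULT", "ALL", "NONE"}
ACL_KEYS = ("service/http/acl_file", "service/https/acl_file")

def parse_profile(text):
    """Return {parameter: value}; '#' lines are comments, last assignment wins."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip()] = value.strip()
    return params

def audit_sapstartsrv(text):
    """Return a list of findings for the sapstartsrv hardening parameters."""
    params = parse_profile(text)
    findings = []
    pwm = params.get("service/protectedwebmethods")
    if pwm is None:
        findings.append("protectedwebmethods not set: kernel default list applies")
    else:
        tokens = pwm.split()
        base = tokens[0].upper() if tokens else ""
        if base not in BASE_SETS:
            findings.append(f"protectedwebmethods has unknown base set: {base!r}")
        elif base == "NONE":
            findings.append("protectedwebmethods is NONE: no method requires authentication")
        # "-Method" entries take a method out of the protected list.
        removed = [t[1:] for t in tokens[1:] if t.startswith("-")]
        if removed:
            findings.append("methods removed from protection: " + ", ".join(removed))
    for key in ACL_KEYS:
        if not params.get(key):
            findings.append(f"{key} not set: no IP restriction on that listener")
    return findings

if __name__ == "__main__":
    for finding in audit_sapstartsrv(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

A clean result here only covers the profile; the firewall rule for 5nn13/5nn14 recommended in the thread has to be checked separately.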