Re: Object Check status in switchable authorizations
Very interesting experiment! ABAP statements are in the end kernel functions and some of them protect their call stacks so that you can only call them from scenarios which are released and activated...
Re: Object Check status in switchable authorizations
Ahh, I guess that's why I guess somewhere there was a mention of vendors making use of switchable framework, to introduce newer auth checks for increased security. I used SACF to define the scenario and...
Re: Object Check status in switchable authorizations
I assumed that you are trying to control a UI "nest" with submits. Converting to tcodes is one option. Making correct application auth checks in the programs in addition to the tcode checks is even...
Re: Question: Security Threat OSS Note 2067859
Hi Julius, I'm not quite sure, where you are heading to with your speculations. The DSA issue is not related to POODLE and simply was a bug and not a feature and especially no feature with regards to...
C4C Cloud for Customer - User Provisioning
Hi All We are implementing C4C at a customer, where OIM and GRC are access provisioning tools in production, right now from the information we have got and consider project scoping, GRC doesn't have a...
Re: Question: Security Threat OSS Note 2067859
Hi Patrick, Sorry for the speculation - I should have disclosed it better as guesswork. I was not trying to head anywhere either, but rather track the problem back to where it comes from in the first...
Re: Question: Security Threat OSS Note 2067859
Hi Frank Buchholz and Patrick Hildenbrand thank you for joining this discussion so promptly and thank you for your expert feedback. I too received the email last week, but I interpreted the words...
Re: Info message
Can you give them 3000 and 4000 in display mode only? Or does that give them inappropriate Info. Neal
Re: restriction in MCTA
Hi Alexey, With the help of your security team you can switch the trace 'on' on this transaction to pull the Authorization objects information and try whether it is possible to restrict on this...
Re: Question: Security Threat OSS Note 2067859
Hey Andy, I'm not a hard core security guy, so the "DSA" name itself doesn't mean a whole lot. Is it clear to you that to avoid POODLE AKA CVE-2014-3566 then you must update your CryptoLib using SAP...
Re: Question: Security Threat OSS Note 2067859
My understanding is also that you must recreate your PSE for the system and if you created own PSEs for signatures (unfortunately these are often signed by the system and not a signature scenario) then...
Re: Question: Security Threat OSS Note 2067859
Yes, we used to call it the "enterprise portal" at the time. All things need prototyping, I don't judge it. But there are still some out there. Cheers, Julius
Re: Question: Security Threat OSS Note 2067859
Hi Julius, correct, when you upgrade the CryptoLib, you need to create new PSEs and by creating new PSEs you will invalidate all certificates which you have shared with satellite systems, therefore,...
Restricting Display Access for Vendor/Customer Name,address fields in...
Hi We have a requirement for our Client to restrict Support team access in SAP Production environment, so that the Support team members are not able to view Employee Name/Address/Contact Details/DOB...
Re: Question: Security Threat OSS Note 2067859
Hi Nick, funnily enough that SSL3 question landed on my desk on Friday in regard of Transport Layer Security in PI. I used two OSS Notes to get to the conclusion: I used Section 7 of this OSS...
Re: Question: Security Threat OSS Note 2067859
Hi Nick, Poodle and the security threat in note 2067859 are two distinct cases. So replacing the cryptolib as motivated in note 2067859 will NOT solve POODLE. Regards, Mathias P.S.: One option to fix...
Re: Question: Security Threat OSS Note 2067859
Hi Mathias, do you know of other options for mitigating POODLE which can be shared here ? Kind regards, Andy.
Setup SAP CryptoLib for SNC between SAP Server and external application
Hello, I want to use SAP Cryptographic Library for Secure Network Communications (SNC) between SAP Server and an external application. I followed the link (Using the SAP Cryptographic Library for SNC -...
Re: Question: Security Threat OSS Note 2067859
I too have been looking at this. I knew from the start that POODLE and the SAPCRYPTO was a separate issue. Poodle is a vulnerability in the Protocol being used to create the Secure tunnel. So in this...
Re: Question: Security Threat OSS Note 2067859
Hi Joshua, good question. This OSS Note doesn't give the precise solution, but it does point us in the direction of where those configurations are made on the Java stack: 1663313 - SSL not...