SAP Basis SCC8 Client export - SAP Corner

Direkt zum Seiteninhalt
SCC8 Client export
If table logging is active in your system, you can specify which tables are to be logged in transaction SE13. For an active logging it is necessary to set the flag "Log data changes".

A first important step was the introduction of playbooks to professionalize our work. At that time, SAP installation manuals were real tomes with hundreds of pages that often went round in circles and were anything but easy to understand....
So-called Access Control Lists (ACL) offer a good possibility to secure your gateway in order to exclude unwanted external accesses to the database of the application server. With the help of the ACL files reginfo and secinfo an access control can be implemented, in which allowed as well as forbidden communication partners can be defined. The reginfo file controls the registration of external programs on the gateway, which means that rules can be defined that allow or prohibit programs. With the help of the file secinfo you can define which users are allowed to start an external program. To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11). For more information, refer to SAP Note 1408081.

User authentication is usually performed by entering a user name and password. This information is called user credentials and should only be known to the user, so that no third party can gain access to the system under a false identity. This post explains how a user's password protection can be circumvented and how to prevent it. SAP system legacy data The login data of a user, including password, are saved in the USR02 database table. However, the password is not in plain text, but encrypted as a hash value. For each user there are not only one but up to three generated password hashes. Different algorithms are used to calculate these values, but only the Salted SHA1 can be considered sufficiently safe. Table deduction USR02 The secure password hash is located in the fifth column of the pictured table deduction with the heading Password hash value. The corresponding data field in the column is called PWDSALTEDHASH. Weak Password Hash Risks You have a good and working permission concept that ensures that no processes or data can be manipulated or stolen. A potential attacker now has the ability to read out your database with the password hashes. The hash values are calculated using password crackers, which are available on the Internet at home, and the attacker now has a long list of user credentials. To damage your system, the user will now search for the appropriate permissions and perform the attack under a false identity. Identifying the actual attacker is virtually impossible. Check if your system is vulnerable too Your system generates the weak hash values if the login/password_downwards_compatibility profile parameter has an unequal value of 0.

For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.

In a closed innovation model, innovation is created only from the company itself.

The website offers many useful information about SAP basis.

This means that only the tables or table permission groups for which the corresponding values in the aforementioned permission objects are assigned can be accessed.
SAP Corner
Zurück zum Seiteninhalt