on 08-21-2014 10:51 AM
Hi All
We are now receiving security concerns from customer about FIORI.
1.Information Leakage:
for instance , when we clicked an item , then it failed, and we got the error message which might cause information leakage.
Is it possible that the backend could provide some general information with no sensitive information involved.
2.remember password option:
after entering the password and username, the browser will prompt if you want to remember the password. there is security concern to remember password in browser. Is it possible to disable this pop-up window, that is , is it possible to Set auto complete off in every form that is getting submitted.
Thanks
Message was edited by: Michael Appleby
Hi Torren,
i don't want to be a smartass, but do you really think it's a good idea to post an image, where you can see a productive URL of a customer? When we talk about security, we should start to hide or obfuscate such information, which are absolutely not necessary to investigate an issue. I think the customer itself doesn't want to see this information in a forum, which is available for everyone in the internet. Besides: Never post a real User of a productive System in a forum!!! I couldn't believe, that your Test-User "TEST*****" is actual a real one. A hacker has now perfect premises to start an attack on this system!
Because i myself am a customer of SAP, i have the expectations, that SAP always works confidential with my data.
Sry, if i can't answer your questions, but this topic is very important for me!
Regards
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
People are posting links to systems they are working with for years. Sometimes the name of the link is only server, but the link behind it still points to the real system. Sometimes the problem is that not everyone understands that SCN is a public web site, accessible to all.
A small reminder to the moderator that a link was posted should help in having the post reviewed, edited, blocked or removed,
Hi Torren,
Is this the first time that customer is going to use web browser? How do they access to their company home page or any other application? Those items are not specific for Fiori and happen to any other applications. What was comment from their IT team? Please share background.
Regards, Masa
SAP Customer Experience Group - CEG
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.