Weblog:    A Simple Disclaimer on the Logon Page
Subject: Neat idea...
Date: 2006-12-13 19:50:14
From: Michael Nicholls


But can it be overcome by a malicious user using the http://portal:port/irj/portal?j_user=myuser&j_password=mypassword form of logging in?


Cheers



Showing messages 1 through 2 of 2.

  • Neat idea...
    2006-12-13 21:18:11 Prem Mascarenhas SAP Employee

    Hi Michael,
    Thanks for your comment. Yes, it can be overcome. I was just thinking of a crude solution to this. Maybe in the par file of the first iView assigned to the first role, we can have a check:


    // cu is assumed to hold the current URL
    if (cu.match("j_user=") != null && cu.match("j_password=") != null)
    {
        // Call a new portal component from a different par file.
    }


    In this component we can invalidate the session and redirect to http://<host>:<port>/irj/portal
    Do you think it a good idea?
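
The check proposed in the reply above, written out as an added example (not code from the thread or from SAP). It assumes `cu` holds the current URL; the function names and the sample URLs on host `portal.example` are constructed for illustration. It puts the post's substring match beside a match on parsed parameter names and builds the redirect target the reply describes.

```javascript
// Added example; names and sample URLs are constructed, not from the thread.
const CREDENTIAL_PARAMS = ["j_user", "j_password"];

// The check as posted: substring match on the raw URL string.
function substringCheck(cu) {
  return cu.match("j_user=") != null && cu.match("j_password=") != null;
}

// Same intent, but on parsed parameter names. URLSearchParams
// percent-decodes names and compares them exactly, so "obj_user="
// does not match and "j%5Fuser=" does.
function checkLogonUrl(cu) {
  const url = new URL(cu);
  const found = CREDENTIAL_PARAMS.filter((name) => url.searchParams.has(name));
  return {
    found,
    // Mirrors the post's condition: both parameters present.
    credentialsInUrl: found.length === CREDENTIAL_PARAMS.length,
    // Redirect target from the post: http://<host>:<port>/irj/portal
    redirectTo: `${url.origin}/irj/portal`,
  };
}

// Constructed sample URLs.
const SAMPLE_URLS = [
  "http://portal.example:50000/irj/portal?j_user=myuser&j_password=mypassword",
  "http://portal.example:50000/irj/portal?obj_user=1&my_j_password=2",
  "http://portal.example:50000/irj/portal?j%5Fuser=myuser&j%5Fpassword=mypassword",
  "http://portal.example:50000/irj/portal?j_user=myuser",
];

// One row per URL: what each check decides.
function compareChecks(urls) {
  return urls.map((cu) => ({
    url: cu,
    substring: substringCheck(cu),
    parsed: checkLogonUrl(cu).credentialsInUrl,
  }));
}

console.table(compareChecks(SAMPLE_URLS));
```

A check of this kind only sees the URL; it does not replace the role-based control discussed in the next reply.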

    • Neat idea...
      2006-12-14 00:06:19 Michael Nicholls SAP Employee

      But if there were lots of different iViews on the different home pages...


      I still think the best way to do this is through role assignments - they are our security mechanism in the portal and we should use them.


      Cheers

