Posting sensitive data via href's

Similar Messages

• Calling a new browser window with WD Abap and passing data via POST

  Hi there,
  does anybody know whether passing data via POST method is possible when opening a new browser window from within a Web Dynpro Component? In my case I use method IF_WD_WINDOW_MANAGER->CREATE_EXTERNAL_WINDOW for opening a new browser window. Now I want to pass a big amount of data which is only possible via POST method. How can I achieve that or is it not considered inside the Web Dynpro Framework?
  Kind regards,
  Albert

  Hi Priya,
  can you please explain a little bit more what you mean? I didn't get it..
  Kind regards,
  Albert

• Posting large amount of data via sync web service

  Hi,
  I'm trying to posting a large data via sync soap adapter and receiver as abap proxy. I'm getting log version status in SXMB_MONI when ever i try to post data >5k. Any idea how to trace it? If got timeout should there be an error message in SXMB_moni instead of log version? Thanks.

  Hi,
  This message occurs when process on  receiving system somehow is locked and does not return a response.
  your receiving system is an ABAP system, goto  sm66 ,sm12 in th abap system. In sm66 look for transactions which are running for very long and inside sm12 look for locks that interfere in processing of message on the abap system.
  also maybe the response system was locked when time request was send and therfore no response was received.
  also chk this blog :-
  /people/michal.krawczyk2/blog/2005/05/10/xi-i-cannot-see-some-of-my-messages-in-the-sxmbmoni
  hope it helps.
  Regards,
  Rohit

• Error trying to extract data via HFM objects

  I've written a program to extract selected data from HFM (version 11.1.1.3.500) using the API objects. The program (shown at the bottom of this post) is failing on the 2nd of the following 2 lines:
  oOption = oOptions.Item(HSV_DATAEXTRACT_OPT_SCENARIO_SUBSET)
  oOption.CurrentValue = lBudgetScenario
  where oOption is a data load/extract object previously initialized and lBudgetScenario is the long internal ID for our budget scenario.
  The error is usually "COM Exception was unhandled" with a result code of "0x800456c7", but, mysteriously, even with no code changes, it sometimes throws the error "FileNotFoundException was not handled", where it says that it could not load "interop.HSXServerlib or one of its dependencies". The second error occurs even though HSXServer was previously initialized in the program and used in conjunction with the login.
  I've carefully traced through the VB.NET 2010 code and find that all relevant objects are instantiated and variables correctly assigned. It also occurred to me that the data load DLLs might have been updated when the 11.1.1.3.50 and 500 patches were applied. For that reason, I removed the references to those DLLs, deleted the interop files in the debug and release folders and copied the server versions of those DLLs to my PC. I then restored the DLL references in Visual Studio which recreated the interops. However, the error still occurs.
  The ID I'm using (changed to generic names in the code below) has appropriate security and, for example, can be used to manually extract data for the same POV via the HFM client.
  I've removed irrelevant lines from the code and substituted a phony ID, password, server name and application name. The line with the error is preceded by the comment "THE LINE BELOW IS THE ONE THAT FAILS".
  Imports HSVCDATALOADLib.HSV_DATAEXTRACT_OPTION
  Module Module1
  Public lActualScenario, lBudgetScenario As Long
  Public oClient As HSXCLIENTLib.HsxClient
  Public oDataLoad As HSVCDATALOADLib.HsvcDataLoad
  Public oOptions As HSVCDATALOADLib.IHsvLoadExtractOptions
  Public oOption As HSVCDATALOADLib.IHsvLoadExtractOption
  Public oSession As HSVSESSIONLib.HsvSession
  Public oServer As HSXSERVERLib.HsxServer
  Sub Main()
  'Create a client object instance, giving access to
  'the methods to logon and create an HFM session
  oClient = New HSXCLIENTLib.HsxClient
  'Create a server object instance, giving access to
  'all server-based methods and properties
  oServer = oClient.GetServerOnCluster("SERVERNAME")
  'Establish login credentials
  oClient.SetLogonInfoSSO("", "MYID", "", "MYPASSWORD")
  'Open the application, which will initialize the server
  'and session instances as well.
  oClient.OpenApplication("SERVERNAME", "Financial Management", "APPLICATION", oServer, oSession)
  'Instantiate a data load object instance, which will be used to extract data from
  'FRS.
  oDataLoad = New HSVCDATALOADLib.HsvcDataLoad
  oDataLoad.SetSession(oSession)
  'Initialize the data load options interface.
  oOptions = oDataLoad.ExtractOptions
  'Find the internal ID numbers for various scenarios and years.
  'These are required for HFM API function calls.
  lActualScenario = GetMemberID(DIMENSIONSCENARIO, "Actual")
  lBudgetScenario = GetMemberID(DIMENSIONSCENARIO, "Budget")
  'Construct file names for open data.
  strFileName = "c:\Temp\FEWND_BudgetData.dat"
  strLogFileName = "c:\Temp\FEWND_BudgetData.log"
  'Extract data for the current open cycle.
  ExtractData("Budget", BudgetYear, "Dec", strFileName, strLogFileName)
  End Sub
  Sub ExtractData(ByVal strScenario As String, ByVal strYear As String, ByVal strPeriod As String, _
  ByVal strFileName As String, ByVal strLogFileName As String)
  'Populate the Scenario element.
  oOption = oOptions.Item(HSV_DATAEXTRACT_OPT_SCENARIO_SUBSET)
  If strScenario = "Actual" Then
  oOption.CurrentValue = lActualScenario
  Else
  'THE LINE BELOW IS THE ONE THAT FAILS
  oOption.CurrentValue = lBudgetScenario
  End If
  End Sub
  Function GetMemberID(ByVal lDimID As Long, ByVal strMemLabel As String) As Long
  Dim oMetaData As HSVMETADATALib.HsvMetadata
  oMetaData = oSession.Metadata
  oEntityTreeInfo = oMetaData.Dimension(lDimID)
  GetMemberID = oEntityTreeInfo.GetItemID(strMemLabel)
  End Function
  End Module

  I stumbled upon the solution to my problem. The documentation for extracting data via objects defines member ID variables as Longs. In fact, I've always defined such variables as longs in previous object programs and had no problems. It appears that the datal load/extract "option" property of "Currentvalue" is defined as integer. When I changed all of my member ID items (such as the "lBudgetScenario" variable that was the right-side of the failing assignment statement) to be integers, the program worked.

• ALE error while posting payroll data

  Hi all,
  We are trying to set up payroll posting via ALE interface. We have done the following settings
  1. Distribution model setup with filters on for standard bapi's
  2. Partner profile setup
  3. RFC destination setup
  When we try to post payroll data,it was returned with the following errors
         RFC destination is not maintained for object BUS6001 and method PRECHECKPAYROLLACCOUNTASSIGN
         The account assignment objects could not be checked
         RFC destination is not maintained for object BUS6004 and method CHECK
         The G/L account could not be checked
  We verified RFC destination and it is working fine. I have searched all possible links in SCN, but unable to get the solution.
  Can someone help in this issue?

  Hi,
  Using tcode pc_payresult please check whether the off-cycle payroll is executed again in period 06-2010. If yes then try to post off-cycle payroll separately (PC00_M99_CIPE - Create Posting Run) by entering "Off-Cycle Payroll Run" parameters. May be you will get an error while posting this off-cycle payroll because this payroll is already posted. In this case you will have to reverse the existing off-cycle posting and then post off-cycle payroll again.
  Once off-cycle payroll is posted, then you try to post normal monthly payroll.
  I hope your problem will be solved by doing the above work out.
  Regards,
  Waqas Rashid

• Does Tiger store sensitive data in its files like OS 9 did?

  OS 7-9 and perhaps earlier stored sensitive data in files. For example once I copied a file to a floppy disk, and sometime later popped this disk in a PC. For some reason the file became corrupted and when I opened the file on the PC I was able to see the volume name of my Mac, the path, and other data that I never put there. The old OS always seemed to leave behind tracks in files. Does OSX do the same?
  I have been looking for a way to find out myself, but since NDE classic crashes the classic environment in OSX, and I have been unable to find a OSX alternative to NDE (does one exist)? I have been stuck.
  NDE was able to open volumes, see hidden files, change type/creator codes, and do other things. Does a alternative exist in OSX? It would be useful.
  Some screenshots
  http://johnw.freeshell.org/graphics/Picture%201.png
  http://johnw.freeshell.org/graphics/Picture%202.png
  Thanks
  John

  Hi, John.
  You wrote: "NDE was able to open volumes, see hidden files, change type/creator codes, and do other things. Does a alternative exist in OSX? It would be useful."I'm not familiar with NDE, but some of the screen shots you posted look like the same kind of output you can get from X-Ray.
  When looking for new applications, I recommend searching MacUpdate or Version Tracker. The user-submitted reviews accompanying the listings are helpful in sorting the wheat from the chaff.
  Good luck!
  Dr. Smoke
  Author: Troubleshooting Mac® OS X

• RE: DataField, update underlying data via TOOL,Express

  John,
  does it work if you mix the "CopyfromClipboard" method with the "PlaceValueinDisplayedField" ?
  If this is not the correct solution to you problem, could you please specify "where" it does not work ?
  Thanks a lot indeed.
  Best regards
  /Stefano
  Stefano POGLIANI Forté Software Consultant
  E-Mail : [email protected] Tel : +33.0)450201025
  Fax : +33.(0)450200257 Mobile : +33.(6)08431221
  Visit the Forté Web Site : http://www.forte.com/
  Ducunt fata volentem, nolentem trahunt....
  -----Original Message-----
  From: John Hodgson [SMTP:[email protected]]
  Sent: Wednesday, July 02, 1997 8:39 PM
  To: [email protected]
  Subject: DataField, update underlying data via TOOL, Express
  In TOOL code we PasteText() into a DataField, but the underlying data
  object does not get updated until the user interacts with the GUI.
  That causes problems if we need to use the underlying data object's
  value immediately after the paste. How can we:
  force an update of the underlying data object and
  ensure that the update goes through before our method call returns,
  i.e., ensure that if the update is via Forte events, those events
  are handled before returning.
  The context is a calendar lookup button that pastes into an adjoining
  DataField.
  John Hodgson |Descartes Systems Group Inc.|[email protected]
  Systems Engineer|120 Randall Drive |http://www.descartes.com
  |Waterloo, Ontario |Tel.: 519-746-8110 x250
  |CANADA N2V 1C6 |Fax: 519-747-0082

  Well, I think I have answered my own question, but I will leave it here in case anyone else has the same problem. 
  So, as far as I have been able to track down, it all went wrong when I was running through the connection wizard. 
  Under the section titled "Creating the Data Source" is describes how to find your database file and create the appropriate connection string. However, on my version of VS Express 2010 . It offered me a prompts , saying something like, "would you like to
  move this database file into the application directory and change the connection string" this sounded very sensible to me, so I said yes.
  All proceeded accordingly. And the database file now appeared in the solution explorer. 
  The app config file said that the connection string was 
  Data Source=|DataDirectory|\Database1.sdf"
  I presumed this would be interpreted correctly by the rest of the app, as it was generated by VS.
  But it didn't, what I cannot understand is how no error was generated. And data seemed to pull
  into the bound controls. 
  But I have been testing it for a while now. and it seems that if I manually override the config file with the actual directory where the file exists , then there is not a problem. Data is retained in the file 
  This is more of a VB.net question, but I couldn't find it in the drop down. I will try and move it there now
  Thanks guys for your patience. 
  p.s. RSingh , the code I posted above did come from the SaveItem_Click event
  handler

• Posting Vendor data from MDM to R3

  Hi,
  We are trying to post vendor data from MDM to ECC via XI using CREMDM -> CREMAS + ADRMAS and using the standard mapping SAP has provided. I have serialized CREMAS + ADRMAS such that ADRMAS posts before CREMAS. ADRMAS works fine but CREMAS fails with error "Fill all required fields SAPMF02K 0111 ADDR1_DATA-NAME1". Standard mapping is mapping the no-data value "/" in CREMAS NAME1 field too as recommended.Still it throws this error.
  If anyone has worked on similar scenario...Please help.
  Thanks,

  Hi Swapna,
  we had faced the same error.
  You will need to enter a value in the name1 field if you want your idoc to post successfully.
  even though in the vendor creation transaction name1 is not a mandatory field but for the idoc posting, the name1 field is required.
  We solved the error by entering a value in the name 1 field.
  Hope this helps.
  Jyotika
  Pls reward for helpful answers

• Masking sensitive data in the messages?

  All,
  We are getting some sensitive data from a legacy system that needs to be imported into R/3. There is a translation service - that translates the sensitive data into public format.
  The question i have is - though we will be able to use XI to call this translation service and translate and then send the translated values to R/3, how can we mask the sensitive data on the messages that would be logged in the XI system. (Like if somebody runs the SXMB_MONI - they will be able to see the sensitive data that was sent to get the public format back).
  Is there a setting or way - we can accomplish this in XI?
  Thanks.

  Hi,
  you have to restrict user access to certain messages.
  Go through this blog to see how to accomplish this:
  <a href="/people/michal.krawczyk2/blog/2006/01/02/xi-sxmbmoni--controlling-access-to-message-display: SXMB_MONI - controlling access to message display</a>
  Also have a look at this link to understand which are all the possible points you should protect:
  <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/a0/64f6413a15e23ee10000000a155106/frameset.htm">Protection of Sensitive Message Data</a>
  Kind Regards,
  Sergio

• Using Sensitive Data in Flash

  Hello,
  I am working on a Flash project for the web which will be using some sensitive information (for example, username, password). I am concerned about putting that data directly in the Flash file (that is, in the Actionscript used in the Flash file) in case someone decides to try to download and crack the swf. Although I am sure someone else has had to deal with this issue, I cannot seem to find a solution.
  The solution I have attempted to implement is as follows.
  Place the sensitive data in an external file (I am using an XML file).
  Load the data into the Flash file at runtime.
  Secure the data file.
  Step #3 is where I am running into trouble. I have attempted the following methods of securing the data file.
  1) Place the data file in a directory that is not accessible from the web (for example, underneath public_html). This method failed presumably because the web browser needs to access the directory?
  2) Place the data file in a web accessible directory that has been password protected via .htaccess. This method fails because a visitor is prompted to enter a password in order for data to be loaded into the Flash file.
  3) Use .htaccess to only allow access to the data file and/or its directory from the same domain. Once again, this fails presumably the request from the web browser is coming from the visitor's IP?
  Any suggestions?
  Thanks!

  Hi there,
  Right tried that and the preloader wont display, even when I simulate download at a slower speed.
  To make sure I am doing this right:
  I have my slideshow in layer1. It starts in frame2, I have my preloader in frame1.
  I then make a new layer which appears above layer1, in that I go to the end of my slideshow and click at the end.
  I then goto window - action and then enter the code you gave me.
  If that is right then the screen stays blank until the slideshow starts, no preloader.
  Am I doing this right?
  Thank you.

• Block sensitive table via Table browser

  Hello
  We have implemented HCM on out existing R/3 and now we have all the sensitive data in the production.
  In my production system there are some users who has SE16(data browser) and thet can dump those sensitive data from the production system.
  I want to restrict those sensitive data for non HR users.Can any one guide me that how to do.I have some small idea this can be done trough authorization object.(S_TABU_DIS)
  Pls provide me step by step procedure guide for this.I am totally new to SAP Basis and pls provide me the procedure doc if u have.
  Thanks
  Roshantha

  am not a basis guy but creating an authroization object and restricint it via profile would do the trick. pls check it....u can restrict at table level only for the users and not at data level

• Mandatory Infotypes to post Timesheet data to Plant Maintenance orders

  Hi all
  Can somebody tell:
  What are theMandatory Infotypes to post Timesheet data to Plant Maintenance orders via CAT2. I tried creating a data entry profile with PM/CS order objects checked,I need to know ,does it need to be assigned to the user id or some role? As of now CAT2 is not showing any personnel numbers though they are assigned in the Work centres.

  Hi Rohit
  I guess you need to maintain IT-0007 & IT-0315 for the pernr.
  Edited by: Abap on Jan 11, 2010 12:48 AM

• Re-authenticate or provide additional credentials to access sensitive data

  Hi,
  I am wondering if anyone has ever come across a scenario in SAP where a user is asked to provide an additional logon (perhaps a PIN number or asked to re-enter their password) in order to access sensitive data in the system? I was recently asked this question and in my 15 years of working with SAP I can't recall ever seeing such a scenario.
  An equivalent scenario which I see in my daily life is when I use my internet banking and I want to increase my daily transfer limits. When I go to this part of the site it asks me to provide a special code that they send to me via SMS.
  The only thing that came to my mind was Firefighter, where you can get temporary higher level privileges but this is more in a technical support role.
  Does anyone have any thoughts on this?
  Thanks in advance,
  Simon

  Hello Simon,
  If you are talking about web access to the system then this scenario can be implemented when SAML 2.0 is used. For a web application which provides sensitive data you can either force re-authentication with a password or require specific SAML 2.0 authentication context means authentication method, e.g. PIN. In this case even the user is authenticated with the ABAP system when he navigates to such application he will be redirected to the SAML 2.0 identity provider (IDP) to re-authenticate, either with a password or with a PIN. If you are interested in further details let me know.
  http://help.sap.com/saphelp_ca_cpd102/helpdata/en/4a/b5ef3222526d6de10000000a42189c/content.htm?frameset=/en/46/631b92250b4fc1855686b4ce0f2f33/frameset.htm
  Regards,
  Dimitar
  P.S. SAP provides SAML 2.0 compliant IDP which can easily be extended to support any authentication method using JAAS login modules: http://scn.sap.com/community/netweaver-sso/blog/2013/02/28/competitive-advantages-of-sap-identity-provider. With the next SP of NW SSO we plan to support by default also authentication with time-based one-time passwords (TOTP) - http://tools.ietf.org/html/rfc4226.

• Need to store sensitive data in a table, need to encrypt or data masking

  Hello,
  I have a table that contains a column of sensitive data. Which is a good method to encrypt this column? How about data masking the column? Other methods? Thank you in advance.

  Will need to share with us who is supposed to see and not supposed to see the data and under what circumstances.
  There are a number of ways to restrict access: via view/roles/privileges, encryption (DBMS_CRYPTO), or TDE if you want to buy the Advanced Security extra-cost option for Enterprise Edition.

• Nested IPE (In Place Element) usage when accessing Cluster/Array data via DVR

  I am sharing data across several VIs and loops via a DVR, and accessing the data via a DVR IPE. The data is a cluster of arrays. The diagram below (VI attached) illustrates the structures invloved, but not the structure of the application.
  (The diagram above does not include initialization of the arrays, as it is intended only to illustrate the Cluster1 data type. Array lengths could be 100.)
  The DVR (DVR1) is passed to multiple VIs of the application at startup.
  Each VI executes loops that either read or write particular elements of each array (fArray1 or fArray2).
  I believe the DVR IPE (B1-DVR) provides blocking so that only one task can modify the data (Cluster1) at any time.
  Case 1 illustrates how I currently WRITE to array elements. The outer IPE (block B1) is rolled into a VI (not shown) that takes DVR1, Index, and Value as inputs.
  Cases 2 - 4 illustrate 3 additional methods that remove one or both of the inner IPEs (B2-Cluster and B3-Array).
  Case 2: IPE B3 (Array Index/Replace Elements) is replaced with a non-IPE 'Replace Array Subset'.'
  Case 3: IPE B2 (Unbundle / Bundle Elemnts)' is replaced with a non-IPE cluster 'Unbundle'/'Bundle'.
  Case 4: removes both B2 and B3.
  I implemented case 1 a long time ago.  When I had to do the same thing again recently, I did case 4.  When I stumbled across my earlier implementation, I was a bit suprised
  Which of the 4 cases should take the least time (or resources) to execute? I think case 4 has as few array allocations as any of the other 3.
  The attached image did not capture the Buffer Allocation marks, so I marked the ones that differed with a red "B".
  I am only interested in differences in how the arrays are handled, so I see no signioficant differences.
  Is this one of those cases where LV doesn't need my help?
  Incidently, I recently wrote a small app with shared data and decided to try FGVs to share array data.  For small arrays, 10^7 iterations, and an FGV based array-element read followed by a element write, the FGV was faster.  1.2us per read/write for FGV vs 3us per r/w for an DVR/IPE based read/write (like above).
  Peter
  LV 2011 SP1, Windows 7 64-Bit
  Attachments:
  IPE.vi ‏9 KB

  Option 1 is a definite no and as far as I know it has been NI's explicit intention to steer clear from it. I believe there's an idea in the IE which asks for this.
  I agree that option 2 makes sense, but I don't think it should be something the user specifies. Either LV can detect it automatically or it can't, but I doubt NI would let you have an option which creates the possibility for this kind of bug.
  I'm not sure, but the mark as modifier option on the IPES might be the option you're looking for. I know that it exists and I know very roughly what it does, but the documentation for it is very limited and I never actually played around with it, as usually I don't need these kinds of optimizations.
  You may well be right that a new option on the IPES is desirable and you should probably add it to the idea exchange.
  As for NIWeek, I'm not going this year, so I have no idea what kinds of sessions are around, but it's a great place to find people who know what they're talking about and ask them about it directly. Certain people in LV R&D would probably be ideal for this and if you ask relevant people, you might even get their names. I'm sure buying them a beer would also help to loosen their tounges. If you ask me, this type of interaction is the main value of the conference, not the sessions themselves.
  Try to take over the world!