Uploaded by Leandro Ortiz

1529849 E 20220427

2022-04-27
1529849
1529849 - Gateway security setting in an SCS instance, AS Java
Version: 2
Type: SAP Security Note
Language: English
Master Language: German
Priority: Correction with medium priority
Category: Consulting
Release Status: Released for Customer
Released On: 11.01.2011
Component: BC-CST-GW (Gateway/CPIC)
Please find the original document at https://launchpad.support.sap.com/#/notes/1529849
Symptom
With Release 7.1, the gateway is delivered as part of the SCS instance for AS
Java.
Without relevant security settings, unauthorized programs
may be started or servers may be registered.
Other Terms
Reason and Prerequisites
The gateway must have at least the following patch level as described in Note
1298433.
710: 186
711: 73
720: 34
Solution
To protect the gateway from unauthorized access, you must maintain the two ACL
files secinfo (restarting external programs) and reginfo (registering RFC
servers).
The files are defined by the gateway parameters
gw/sec_info and gw/reg_info.
The default value is:
gw/sec_info = $(DIR_DATA)/secinfo$(DAT) and/or
gw/reg_info = $(DIR_DATA)/reginfo$(DAT).
DIR_DATA is the instance-specific data directory
/usr/sap/<SID>/<INSTANCE>/data
$(DAT) is the file extension (.DAT for Windows, blank for Unix).
The file secinfo(.dat) should contain the following line:
# start of external programs disabled
This deactivates the starting of external programs.
The file reginfo(.dat) should contain the following lines:
# list of java server
TP=* HOST=local
TP=* HOST=<host name>
...
TP=* HOST=<host name>
In this case, each Java node should be listed in the file.
If the computer has several network cards, these can be
added as a list. The list can consist of computer names, IP addresses or
IP ranges (subnets).
TP=* HOST=<adr1>,<adr2>,...,<adrn>
As a result, only RFC server programs that run on AS Java computers can
register.
You can manage the gateway with the program gwmon.
In particular, changes to the files can be dynamically loaded subsequently
(see Note 64016) without having to restart the gateway.
In addition, see Overview Note 1305851 that
describes all known problems relating to security settings.
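The following Python check is an added example, not part of the SAP Note or of any SAP tooling. It parses secinfo and reginfo text in the form shown above and reports lines that deviate from the recommended content; the function names, host names and sample file contents are constructed, and HOST values are compared as literal strings.

```python
# Added example: audit secinfo/reginfo text against the content this note recommends.
# Sample contents and host names below are constructed, not taken from a real system.

def parse_acl(text):
    """Return (line number, {KEY: value}) for each non-blank, non-comment line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = {}
        for token in line.split():
            key, sep, value = token.partition("=")
            fields[key.upper()] = value if sep else None
        rules.append((lineno, fields))
    return rules

def audit_secinfo(text):
    """The note expects comments only, so every active line is a finding."""
    return [f"secinfo line {n}: active rule, expected comments only"
            for n, _ in parse_acl(text)]

def audit_reginfo(text, java_hosts):
    """java_hosts: names/addresses of the AS Java nodes, written as in the file.
    Values are compared as literal strings (assumption: no DNS or subnet matching)."""
    allowed = {h.lower() for h in java_hosts} | {"local"}
    findings, seen = [], set()
    for n, fields in parse_acl(text):
        hosts = [h.lower() for h in (fields.get("HOST") or "").split(",") if h]
        if not hosts:
            findings.append(f"reginfo line {n}: no HOST restriction")
        for h in hosts:
            seen.add(h)
            if h not in allowed:
                findings.append(f"reginfo line {n}: HOST={h} is not a listed Java node")
    for h in sorted(allowed - seen):
        findings.append(f"reginfo: expected host {h} has no entry")
    return findings

SECINFO = "# start of external programs disabled\n"
REGINFO = ("# list of java server\n"
           "TP=* HOST=local\n"
           "TP=* HOST=javanode1\n"
           "TP=* HOST=10.0.0.5,*\n")

if __name__ == "__main__":
    for finding in audit_secinfo(SECINFO) + audit_reginfo(
            REGINFO, {"javanode1", "javanode2", "10.0.0.5"}):
        print(finding)
```

Run it against copies of the files named by gw/sec_info and gw/reg_info; an empty result means the files match the layout described in this note.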
Software Components
Software Component: SAP_BASIS
Release: 710 - 730
This document refers to
SAP Note/KBA - Title
64016 - Using the SAP Gateway monitor GWMON
1305851 - Overview note: "reg_info" and "sec_info"
1298433 - Bypassing security in reginfo & secinfo
This document is referenced by
SAP Note/KBA - Title
1305851 - Overview note: "reg_info" and "sec_info"
64016 - Using the SAP Gateway monitor GWMON
© 2022 SAP SE or an SAP affiliate company. All rights reserved