Solution : https://service.sap.com/sap/support/notes/1140031 (SAP Service marketplace login required)
Summary :
The SAP Note addresses the use of rfcexec and the RFC Library, focusing on security concerns around file interfaces triggered by rnetexec, primarily in relation to the ALE port types "file" and "XML file". It suggests three measures to mitigate vulnerabilities: first, use the SAP NetWeaver RFC Library, which offers improved security features and controlled function module invocation; second, use the classic RFC Library with a command blacklist approach; third, avoid using the trigger altogether, which eliminates the need for RFC functionality. Each method has different implications for security and system configuration, and the note emphasizes the need for secure communication through Secure Network Communications (SNC).
Key words :
port definition system id client id user, rfc communication sap strongly recommends, sap netweaver rfc library compared, invoke function modules edi_data_incoming, file based hand shake, classic rfc libraries ascii, sap netweaver rfc library, classic rfc library, sap netweaver rfcsdk 7, generic rfc server
Related Notes :
1581595 | rfcexec or startrfc fail after upgrade |
1481923 | |
1058327 | SAP NW RFC SDK 7.10 -- Patch-Level 2 |
1025361 | Support and Availability of the SAP NetWeaver RFC Library |
1005832 | Overview on RFC Libraries and SDKs |
618941 | EDI: Authorization check when triggering the file output |
618516 | Security-related enhancement of RFCEXEC program |
27517 | Installing RFCSDK |