Solution : https://service.sap.com/sap/support/notes/1501768 (SAP Service marketplace login required)
Summary :
To enhance security in SAP Internet Transaction Server (ITS), parameters ~okcode_permit and ~okcode_prohibit enable fine-grained control over OK codes that can initiate transaction statuses or modifications automatically when a service starts. By specifying permissible or prohibited OK codes in the Service Maintenance (transaction SICF) configurations, unwanted automatic executions linked to certain OK codes can be prevented, safeguarding the system from potential threats. These parameters do not affect subsequent uses of OK codes within an active session. It's crucial to correctly set up these filters to ensure that only intended functionalities are permissible.
Key words :
~webgui 1 ~transaction se38 ~webgui_simple_toolbar 1without filtering, =shop ~okcode_prohibit[se37] /8 ~okcode_permit[se37] /4in, 2 ~webgui 1 ~webgui_simple_toolbar 1 ~okcode_permit /1 ~okcode_prohibit /4 ~okcode_prohibit[se38] /8, ~transaktion= tx feld1=wert1, ~okcode_prohibit{[transaktion ]}{[index]} okcodea, ~okcode_permit{[transaktion] }{[index]} okcode1, indexed lines ~okcode_prohibit[se38] /8, sap internet transaction server, optional current index, ~okcode_permit[se37] =shop
Related Notes :
1481392 | Cross Site Request Forgery Protection for ITS |