SAP Note 1501768 - ITS: Config. permitted or prohibited OK codes during start

Component : SAP Internet Transaction Server - SAP GUI for HTMLBC-WD-JAV Web Dynpro JavaCA-UI5-TOL SAP UI d

Solution : https://service.sap.com/sap/support/notes/1501768 (SAP Service marketplace login required)

Summary :
To enhance security in SAP Internet Transaction Server (ITS), parameters ~okcode_permit and ~okcode_prohibit enable fine-grained control over OK codes that can initiate transaction statuses or modifications automatically when a service starts. By specifying permissible or prohibited OK codes in the Service Maintenance (transaction SICF) configurations, unwanted automatic executions linked to certain OK codes can be prevented, safeguarding the system from potential threats. These parameters do not affect subsequent uses of OK codes within an active session. It's crucial to correctly set up these filters to ensure that only intended functionalities are permissible.

Key words :
~webgui 1  ~transaction se38  ~webgui_simple_toolbar 1without filtering, =shop  ~okcode_prohibit[se37] /8  ~okcode_permit[se37]       /4in, 2   ~webgui 1  ~webgui_simple_toolbar 1  ~okcode_permit /1  ~okcode_prohibit /4  ~okcode_prohibit[se38] /8, ~transaktion= tx feld1=wert1, ~okcode_prohibit{[transaktion ]}{[index]} okcodea, ~okcode_permit{[transaktion] }{[index]} okcode1, indexed lines  ~okcode_prohibit[se38] /8, sap internet transaction server, optional current index, ~okcode_permit[se37] =shop

Related Notes :

1481392Cross Site Request Forgery Protection for ITS