https://community.sap.com/t5/application-development-and-automation-discussions/sap-version-information-in-response-data/m-p/9068530#M1703248 <HTML><HEAD></HEAD><BODY><P>Hi Varun,</P><P></P><P>&nbsp; May be some portal guy can help you in this to hide the data.</P><P></P><P>Thanks,</P><P>Varun Jain</P></BODY></HTML> Tue, 23 Oct 2012 23:19:02 GMT Former Member 2012-10-23T23:19:02Z https://community.sap.com/t5/application-development-and-automation-discussions/sap-version-information-in-response-data/m-p/9068529#M1703247 <HTML><HEAD></HEAD><BODY><P>Hi Team,</P><P></P><P>In a recent audit of our systems, one of the action items that has come out is the one I subjected.</P><P></P><P><STRONG>How this is achieved</STRONG>: By simply viewing the source page of the browser one can get the technology and also the version of the software being used.</P><P></P><PRE><CODE><P></P><P class="SYN_TXT" id="syn_row1" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="HTML_TAG">&lt;<SPAN class="HTML_ELM">html</SPAN>&gt;</SPAN><SPAN class="HTML_TAG">&lt;<SPAN class="HTML_ELM">head</SPAN>&gt;</SPAN><SPAN class="HTML_TAG">&lt;<SPAN class="HTML_ELM">LINK</SPAN> <SPAN class="HTML_ATR">REL</SPAN>=<SPAN class="HTML_VAL">stylesheet</SPAN> <SPAN class="HTML_ATR">HREF</SPAN>=<SPAN class="HTML_VAL">"/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/prtl_std/prtl_std_ie6.css?7.1.10.0.0"</SPAN>&gt;</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl2" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row2" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="HTML_TAG">&lt;<SPAN class="HTML_ELM">LINK</SPAN> <SPAN class="HTML_ATR">REL</SPAN>=<SPAN class="HTML_VAL">stylesheet</SPAN> <SPAN class="HTML_ATR">HREF</SPAN>=<SPAN class="HTML_VAL">"/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/glbl/glbl_ie6.css?7.1.10.0.0"</SPAN>&gt;</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl3" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row3" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"></SPAN> </P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl4" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row4" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="HTML_COM">&lt;!-- EPCF: BOB Core --&gt;</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl5" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row5" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="HTML_TAG">&lt;<SPAN class="HTML_ELM">meta</SPAN> <SPAN class="HTML_ATR">http-equiv</SPAN>=<SPAN class="HTML_VAL">"Content-Script-Type"</SPAN> <SPAN class="HTML_ATR">content</SPAN>=<SPAN class="HTML_VAL">"text/javascript"</SPAN>&gt;</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl6" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row6" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="HTML_TAG">&lt;<SPAN class="HTML_ELM">script</SPAN> <SPAN class="HTML_ATR">src</SPAN>=<SPAN class="HTML_VAL">"/irj/portalapps/com.sap.portal.epcf.loader/script/optimize/js13_epcf.js?7.01000082"</SPAN>&gt;</SPAN><SPAN class="HTML_TAG">&lt;/<SPAN class="HTML_ELM">script</SPAN>&gt;</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl7" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row7" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="HTML_TAG">&lt;<SPAN class="HTML_ELM">script</SPAN>&gt;</SPAN><SPAN class="JS_TXT"></SPAN></SPAN> </P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl8" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row8" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT"><SPAN class="JS_COM">&lt;!--</SPAN></SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl9" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row9" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">EPCM.relaxDocumentDomain();</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl10" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row10" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">EPCM.init( {</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl11" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row11" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">Version:<SPAN class="JS_NUM">7.01000082</SPAN>,</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl12" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row12" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">Level:<SPAN class="JS_NUM">1</SPAN>,</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl13" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row13" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">PortalVersion:<SPAN class="JS_STR">"7.0110.20110711113411.0000"</SPAN>,</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl14" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row14" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">DynamicTop:false, <SPAN class="JS_COM">// [service=true nestedWinOnAlias=false]</SPAN></SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl15" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row15" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">UAType:<SPAN class="JS_NUM">1</SPAN>, <SPAN class="JS_COM">// [MSIE]</SPAN></SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl16" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row16" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">UAVersion:<SPAN class="JS_NUM">7.0</SPAN>,</SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl17" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row17" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">UAPlatform:<SPAN class="JS_NUM">1</SPAN>, <SPAN class="JS_COM">// [Win]</SPAN></SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl18" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row18" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">UIPMode:<SPAN class="JS_STR">"1"</SPAN>, <SPAN class="JS_COM">// [Default=1, User=0, Personalize=true]</SPAN></SPAN></SPAN></P><P class="SYN_ROW"></P><DIV class="SYN_LNB"><INPUT class="SYN_LNN" type="text" value="" /><INPUT class="SYN_BCH" id="syn_ctrl19" type="text" value="" /></DIV><P></P><P class="SYN_TXT" id="syn_row19" style="text-indent: -0.5em; padding-left: 1em;"><SPAN class="HTML_TXT"><SPAN class="JS_TXT">UIPWinFeatures:<SPAN class="JS_STR">""</SPAN>,</SPAN></SPAN></P></CODE></PRE><P></P><P>How can we avoid this?</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Tue, 23 Oct 2012 22:07:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sap-version-information-in-response-data/m-p/9068529#M1703247 former_member188073 2012-10-23T22:07:03Z https://community.sap.com/t5/application-development-and-automation-discussions/sap-version-information-in-response-data/m-p/9068530#M1703248 <HTML><HEAD></HEAD><BODY><P>Hi Varun,</P><P></P><P>&nbsp; May be some portal guy can help you in this to hide the data.</P><P></P><P>Thanks,</P><P>Varun Jain</P></BODY></HTML> Tue, 23 Oct 2012 23:19:02 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sap-version-information-in-response-data/m-p/9068530#M1703248 Former Member 2012-10-23T23:19:02Z https://community.sap.com/t5/application-development-and-automation-discussions/sap-version-information-in-response-data/m-p/9068531#M1703249 <HTML><HEAD></HEAD><BODY><P>You should actually report this to SAP via a customer message on the service.sap.com and not on SCN...</P><P></P><P>Generally this information is not protected by authentication and you can call public functions to display the data. the trick is to use a URLfilter on the webdispatcher to determine what the internal functions can call and what an externel caller can see.</P><P></P><P>Depending on how this "trade shop" is built this may be possible to avoid (blocking the HREF and calls to the "system info" functions) but then the stylesheet might not be able to be used as a nasty side effect as that is on the server side and already contains some release indication in it's name.</P><P></P><P>--&gt; you should report this to SAP via Service Market Place.</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Wed, 24 Oct 2012 20:41:12 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sap-version-information-in-response-data/m-p/9068531#M1703249 Former Member 2012-10-24T20:41:12Z