ABAP source code protected

Evaristo · ‎2019 Dec 09

Hi Experts

If I develop a unique program in ABAP, there is a way to protect it from illegal distribution?
I don't know now if this example is the best one or not, but I can see SAP have some ways to protect their code, like the program SAPMSYST for example.

How are the best options to protect my code in ABAP?

Thank you.
Best regards,
Evaristo.

FredericGirod · ‎2019 Dec 09

SAPMSYST is protected at kernel level

before, we could use *@#@@[SAP] at the first line of the program. You could try. (after you will not be able yourself to read it)

Sandra_Rossi · ‎2019 Dec 09

This feature has been disabled since kernel 7.21 -> see note 2198580 - Code injection vulnerability in ABAP

Sandra_Rossi · ‎2019 Dec 09

This question has been asked tens of times in the forum.

p244500 · ‎2019 Dec 09

Hi,

check this

How to Protect your Programs from Copying or Changing

matt · ‎2019 Dec 10

Good link. But only so evaristo.broulloncouso can scroll to the bottom and read trond's comment beginning:

I would never accept developers to hide their code, nor would I procure products (add-ons) from third-party vendors where the code was hidden

Evaristo · ‎2019 Dec 14

Hi Matthew

Thank you for your answer.
My point is hiding the code from the client, they need to know what's happening inside their system of course.
My point is, if you develop a new product (add-on) how to protect from illegal copy or use? Whats your advice?

Thank you.
Best regards,

DoanManhQuynh · ‎2019 Dec 16

If you have your own SAP server, you can hide code by enhancement, limit debug authorization...but when it come to client site, you cant hide it from them, its their system. if you want to hide it from other developers then who will develop it...

matt · ‎2019 Dec 17

You can protect from change by using a namespace. You cannot prevent people looking at your code. I work for a company that produces software written in ABAP. Anyone could steal it if they really put their minds to it - but the effort would be enormous.

There are plenty of other companies with ABAP code products. They manage to survive. What's so special about your product that it needs to hidden?

keremkoseoglu · ‎2019 Dec 16

If you really want to hide your code, keep it on the cloud. You can implement certain critical parts of your code as a RESTful service on SAP Cloud Library, Amazon, Heroku, etc; and let the ABAP code make API calls when needed. That way, you can protect your precious know-how and control who is using your application.

Good luck convincing your clients to a vendor lock-in with you though.

Rashid_Javed · ‎2019 Dec 16

In SAP code, at times you can see the CALL statement that is used to call system functions but as per the documentation this statement is for internal use only and should bot be called in application program.

With reference to your question, may be you can separate the critical functionality of your program and implement it as

1: An OS level script on Application server. This script can be called as OS command. Refer to transaction SM49.

2: A program that can be called by using RFC destination of type T (TCP/IP). So this program can be any executable file or a script at a dedicated host machine.

3: As mentioned by "Kerem Koseoglu" above, implement your critical logic as web services. Although I would add that web services can be RESTful or SOAP based. Cloud has its advantages but for paranoid customers, you can have a dedicated server at client premises exposing the required functionality as SOAP or RESTful service (so nothing is going out of the company network 🙂 ).

RJv

Föß · ‎2019 Dec 16

There is no way to protect your ABAP. But why do you want this? We also have a product, o.k. the code is "visible" but it is very complex to just copy it in a local class. If some developer copy parts of the code, so what? In my opinion, this is one reason for the success of ABAP.

If you want to "hide" your code, you have to change to a different environment (SAP Cloud, ... ).

Regards, Johann