2012 Oct 23 11:07 PM
Hi Team,
In a recent audit of our systems, one of the action items that has come out is the one in the subject.
How this is achieved: By simply viewing the source page of the browser one can get the technology and also the version of the software being used.
<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/prtl_std/prtl_std_ie6.css?7.1.10.0.0">
<LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/glbl/glbl_ie6.css?7.1.10.0.0">
<!-- EPCF: BOB Core -->
<meta http-equiv="Content-Script-Type" content="text/javascript">
<script src="/irj/portalapps/com.sap.portal.epcf.loader/script/optimize/js13_epcf.js?7.01000082"></script>
<script>
<!--
EPCM.relaxDocumentDomain();
EPCM.init( {
Version:7.01000082,
Level:1,
PortalVersion:"7.0110.20110711113411.0000",
DynamicTop:false, // [service=true nestedWinOnAlias=false]
UAType:1, // [MSIE]
UAVersion:7.0,
UAPlatform:1, // [Win]
UIPMode:"1", // [Default=1, User=0, Personalize=true]
UIPWinFeatures:"",
How can we avoid this?
Thanks,
Varun
2012 Oct 24 9:41 PM
You should actually report this to SAP via a customer message on the service.sap.com and not on SCN...
Generally this information is not protected by authentication and you can call public functions to display the data. The trick is to use a URLfilter on the webdispatcher to determine what the internal functions can call and what an external caller can see.
Depending on how this "trade shop" is built this may be possible to avoid (blocking the HREF and calls to the "system info" functions) but then the stylesheet might not be able to be used as a nasty side effect as that is on the server side and already contains some release indication in its name.
--> you should report this to SAP via Service Market Place.
Cheers,
Julius
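To re-check the audit finding after any filtering change, the page source can be scanned for the two kinds of release indicators visible in the question: version strings appended to stylesheet/script URLs and the Version / PortalVersion fields passed to EPCM.init. This is an added example, not part of the thread and not SAP code; the sample input is constructed from the source quoted in the question, and the function and pattern names are assumptions.

```python
import re

# Constructed sample, modelled on the page source quoted in the question.
SAMPLE = '''<html><head><LINK REL=stylesheet HREF="/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/prtl_std/prtl_std_ie6.css?7.1.10.0.0">
<script src="/irj/portalapps/com.sap.portal.epcf.loader/script/optimize/js13_epcf.js?7.01000082"></script>
<script>
EPCM.init( {
Version:7.01000082,
PortalVersion:"7.0110.20110711113411.0000",
UAVersion:7.0,
UAType:1, // [MSIE]
'''

# (label, regex) pairs; labels are hypothetical names used only in this example.
PATTERNS = [
    # href/src pointing at a .css/.js resource with a dotted number as query string
    ("resource-query-version",
     re.compile(r'''(?:href|src)\s*=\s*["']?([^"'\s>]+\.(?:css|js))\?(\d+(?:\.\d+)+)''', re.I)),
    # Version / PortalVersion keys in the EPCM.init object.
    # \b keeps UAVersion (the browser version, not the server's) out of the results.
    ("epcm-init-version",
     re.compile(r'\b(Version|PortalVersion)\s*:\s*"?(\d+(?:\.\d+)+)"?')),
]


def find_version_leaks(html):
    """Return (line number, label, resource or key, version string) tuples."""
    findings = []
    for lineno, line in enumerate(html.splitlines(), 1):
        for label, rx in PATTERNS:
            for m in rx.finditer(line):
                findings.append((lineno, label, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for lineno, label, where, version in find_version_leaks(SAMPLE):
        print(f"line {lineno}: {label}: {where} -> {version}")
```

Run it against the saved source of the logon page as an unauthenticated external caller sees it; an empty result means neither indicator is present in that response.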
2012 Oct 24 12:19 AM
Hi Varun,
Maybe some portal guy can help you in this to hide the data.
Thanks,
Varun Jain