on 2025 Jan 16 6:21 PM
Dear community,
We are evaluating monitoring and security aspects on development ABAP servers and would like to know if there is a direct way of invoking RFC_PING and RFC_SYSTEM_INFO using the RFCSDK without logon depending on values of auth/rfc_authority_check.
We are mainly using Python socket scripts and pysap library to craft the packets and evaluate the response. However we are unable to construct a valid packet that would enable the testing. We tried replaying packets sent from one system to another using the function modules without success.
Did anyone work on a similar topic and would have some insights ?
Many thanks in advance !
Request clarification before answering.
Yes, just add the connection parameter
LCHECK = 0
to the set of parameters used in the RfcOpenConnection() call, and a connection will be opened without user logon. RFC_PING can then be executed over this connection, as it requires no authorization. Not sure though about RFC_SYSTEM_INFO. But after executing RFC_PING, you can get almost the same information as returned by this function module, by calling RfcGetAttributes() on the established connection.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
56 | |
10 | |
8 | |
8 | |
6 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.