Additional SAP Customer Influence platform findings

Published by Tobias Hofmann on

4 min read

Note: the Customer Influence website is currently down. The HANA Logon App for e.g. Admin, IDE, Repo is still accessible: https://influence.sap.com/sap/hana/xs/formLogin/login.html

Recently I looked at the SAP Customer Influence website. Besides an interesting OData service I came across several other points I think are worth to mention. At the time I am writing this the CI website is not reachable. I do not know why or when the website will be back. But I took screenshots before the site went offline.

Fun fact

The OData service provides more information about your company than the profile data page does. Via the website access I can see the name and country of my company, and that’s it.

The OData service gives the complete corporate information: name, city, street, zip code, country.

Try to never send out data that is not needed. Privacy by design is a good approach. Sending out only what is needed does not only reduce the data traffic (side effect: page gets faster for the user). Data not sent cannot be abused. The internet ist not a friendly place.

HANA XS

SAP Customer Influence runs on a HANA XS Classic server. XS Advanced is around for quite some time now, but migrating apps is not an easy task, not even for SAP. For those SAP customers jumping on the latest and greatest: if SAP moves on, it is on you to migrate the app.

Marketing comes and goes

Looking at the OData service you can see that many services are named IdeaSomething. That’s because the service started as Idea Place. SAP marketing comes and changes names, the technical foundation stays with the initial name.

Data model

The data model is … interesting. A user ends up several times in the system. You create an idea: new entry in IdeaAuthors. The entities have a unique ID, which is a number. Each new entry: number is counted up. Even if you do not know the ID of another entity, its just counting until the OData service returns an entry. LeanIdentity(100), LeanIdentity(101), LeanIdentity(102), … LeanIdentity(170000).

The model provides enough content for a separate blog post.

Logon site

The logon site is accessible from the internet. The copyright message states 2018. Maybe that’s standard and the server is up-to-date. I am not an HANA XS expert.

Admin logon

In case you do have a customer account – you use an S-User to log on and not a P-User – you can also log in to the admin site. You won’t see much, but why give normal users permission to access the admin site?

Old SAPUI5

The included UI5 version is 1.28.52 (from XS, not what SAP CI is using).

Maybe the 2018 copyright message means that there were no big upgrades lately? Maybe it is not the most up-to-date server. Seems that XSC is not vulnerable to Log4J.

Let the world know

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.