Additional SAP Customer Influence platform findings
Note: the Customer Influence website is currently down. The HANA logon app (for e.g. Admin, IDE, Repo) is still accessible: https://influence.sap.com/sap/hana/xs/formLogin/login.html
Recently I looked at the SAP Customer Influence website. Besides an interesting OData service, I came across several other points I think are worth mentioning. At the time I am writing this, the CI website is not reachable. I do not know why or when the website will be back. But I took screenshots before the site went offline.
The OData service provides more information about your company than the profile data page does. Via the website access I can see the name and country of my company, and that’s it.
The OData service gives the complete corporate information: name, city, street, zip code, country.
Try never to send out data that is not needed. Privacy by design is a good approach. Sending only what is needed not only reduces data traffic (side effect: the page gets faster for the user); data that is not sent cannot be abused. The internet is not a friendly place.
SAP Customer Influence runs on a HANA XS Classic server. XS Advanced has been around for quite some time now, but migrating apps is not an easy task, not even for SAP. For those SAP customers jumping on the latest and greatest: if SAP moves on, it is on you to migrate the app.
Marketing comes and goes
Looking at the OData service you can see that many services are named IdeaSomething. That’s because the service started as Idea Place. SAP marketing comes and changes names, the technical foundation stays with the initial name.
The data model is … interesting. A user ends up in the system several times. You create an idea: a new entry in IdeaAuthors. The entities have a unique ID, which is a number, and each new entry counts that number up. Even if you do not know the ID of another entity, it's just a matter of counting until the OData service returns an entry: LeanIdentity(100), LeanIdentity(101), LeanIdentity(102), … LeanIdentity(170000).
The model provides enough content for a separate blog post.
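One way to apply both points above (send only what the page needs, and make counting through keys useless), as an added example that is not SAP's code. The record shape, the field names, the `caller` object and the rule that a user may only read their own company's record are assumptions.

```javascript
// Added example, not SAP code. All names and sample data below are constructed.
// Fields the profile page actually shows; everything else stays on the server.
const PUBLIC_COMPANY_FIELDS = ['name', 'country'];

// Constructed store keyed by sequential integer IDs, as described in the post.
const companies = new Map([
  [100, { id: 100, name: 'Example AG', city: 'Sampletown', street: 'Sample St 1', zip: '00000', country: 'DE' }],
  [101, { id: 101, name: 'Sample Ltd', city: 'Testville', street: 'Test Rd 2', zip: '00001', country: 'GB' }],
]);

// Copy only the named fields into a fresh object.
function project(record, fields) {
  const out = {};
  for (const f of fields) {
    if (Object.prototype.hasOwnProperty.call(record, f)) out[f] = record[f];
  }
  return out;
}

// caller: { companyId } taken from the authenticated session (assumption).
// requestedFields: optional $select-style list supplied by the client.
function readCompany(caller, id, requestedFields) {
  // Accept only a plain positive integer key.
  if (!Number.isInteger(id) || id <= 0) return { status: 400 };
  const record = companies.get(id);
  // Same answer for "does not exist" and "not yours", so counting
  // through keys does not even reveal which IDs are in use.
  if (!record || record.id !== caller.companyId) return { status: 404 };
  // Client input can narrow the allowlist, never widen it.
  const fields = Array.isArray(requestedFields)
    ? PUBLIC_COMPANY_FIELDS.filter((f) => requestedFields.includes(f))
    : PUBLIC_COMPANY_FIELDS;
  return { status: 200, body: project(record, fields) };
}
```

The authorization check is what stops the counting; random keys alone would only make it slower.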
The logon site is accessible from the internet. The copyright message states 2018. Maybe that’s standard and the server is up-to-date. I am not a HANA XS expert.
In case you do have a customer account – you use an S-User to log on and not a P-User – you can also log in to the admin site. You won’t see much, but why give normal users permission to access the admin site?
The included UI5 version is 1.28.52 (from XS, not what SAP CI is using).
Maybe the 2018 copyright message means that there were no big upgrades lately? Maybe it is not the most up-to-date server. It seems that XSC is not vulnerable to Log4J.