The privacy protected privacy statement

Published by Tobias Hofmann on

3 min read

Accessing the SAP development tools site gives you access to a wide range of useful and maintained tools for developers.

Private privacy

In the header toolbar are some legal links, like legal disclosure or privacy.

Clicking the privacy link leads to an access protected page. Without providing credentials, you don’t get access to the privacy document.

Not exactly what I expected. I would suspect that the privacy statement is publicly available. As the tools site is.

Root cause

What happened? The underlying technology used for the tools site is UI5. Looking at the source code reveals what link is called by the privacy button.

The target link is:

Opening the link in the browser leads to a redirect to an access protected site.

One call goes to http.svc/login

This call is triggered by a redirect by JavaScript.

For some reason, the logic wants to access an access protected URL.


Hard to believe that the privacy link should redirect to an access protected site. If this is the expected behavior, the link should be marked as access protected. My impression is that the link should go to a public accessible privacy statement. And that this link should be fixed asap.


The privacy statement can be accessed without authentication. I had to find this out by myself, because, guess what: no one from SAP bothered to inform me that they fixed it.

Let the world know
Categories: SAP

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.