SAP announced a new product and held a major online event to promote it. For people following a little bit the SAP world it was complicated to avoid the marketing hype around the Business Unleashed event. Registration was open to everyone with a business e-mail address. The target group was Read more…
Updating SAPUI5 should not introduce breaking changes. UI5 uses semantic versioning, and as long as the major release does not change, you should be safe: update UI5, and get automatically the latest features, while your old apps continue to work. The app might drift away further and further from the Read more…
It is the year 2024 and yet there are people believing that there is such a thing as secure software. Customers that commission an app and expect it to be secure. Large / mid / small partners, freelancers or developers that promise secure apps. End users that expect secure apps. Read more…
Attention: SAP changed the service. To find out if a user is valid, you have to add check at the end. Verify was replaced by check. The url is now: https://core-api.account.sap.com/uid-core/employee/<id>/check In my previous blog post I wrote about my experience regarding SAP Universal ID logon. To my surprise SAP Read more…
Account enumeration For a long time, SAP thought that a user Id should contain a number (and still does). The D, I, C or S-Users are based on a number, and so are the P-Users everyone was able to get by registering at SCN. Enabling attackers to guess a valid Read more…
It was super easy to get access to a list of almost 6.900 names and e-mail addresses from SAP employees, partners and customers. No hacking needed, you just had to click links and know a few things. The list contains a handful of duplicates, test names or generic names. From Read more…
Using Google to find SAP related documentation is a daily task. When I was searching for some Fiori Launchpad information, I was using Google Search. One of the search results directed me to SAP Help and the Fiori Launchpad documentation. The link is: https://help.sap.com/docs/SAP_FIORI_LAUNCHPAD?locale=en-US The page is not hidden under Read more…
The access to the app is not any longer allowing external users (like S-User) to log on. While the public page of the app is accessible, you cannot read any evauations or other data. SAP acted here very quick and tightened the SSO access in just a few hours. The Read more…
Event information Location: 8. HANA Tech Night, Mafinex, Mannheim Date: 27.06.2023 Site: Event website Title: Sicherheit Presentation: PDF Additional information Es gibt keine allgemeine Lösung für das Problem Sicherheit. Jede Situation ist einzigartig. Trotzdem gilt gerade deswegen: sich vorbereiten für das Schlimmste Es gibt keine super sichere Software. Das ist Read more…
In this post I will explain how to access SAP Learning Hub (LH) training material PDFs that are not part of your subscription. You’ll need to have a valid LH solution subscription to be able to access training material not part of your subscription. For those not familiar with LH: Read more…