1. User logs into SAP Portal with defined userid/password
2. Portal has a hyperlink, that when clicked navigates the user to our application (some xyz say) in a new window. Internally Portal sends
a GET request, appending the userid given in step 1 onto URL, to our application deployed on WebSphere Process Server. URL shown
on the new browser window is in encrypted form but when user opens up a blank window and types the starting characters of the
actual URL of our application it is shown along with the userid parameter appended to URL. If this is the case then users can change
the userid value and can misuse the application. Please provide any suggestions to overcome this misuse..
Note: We have tried a POST request from SAP Portal but we are unable to read the userid parameter
Thank you in advance,
In Love with Java -@
Joined: Oct 08, 2008
I am not sure how SAP portal works but if you have the userid/pwd in request, this should work.
If you don't have the current request handy, add this in your code and check if it works.
There are only 10 types of people in the world: those who understand ternary, those who don't, and those who mistake it for binary.