Quantcast
Channel: SCN: Message List
Viewing all articles
Browse latest Browse all 2151

Re: Dynamic RFC calls in DPC & DPC_EXT causing "Very high security risk" when running code profiler

$
0
0

Hi Prabaharan,

generated coding is nothing new at SAP.

But this is not SAP standard code but you as a developer have generated this code.

So what is the security risk here?

Best Regards,

Andre

I assume the code we are talking about looks like the following:

lv_rfc_name = 'BAPI_EPM_SO_GET_DETAIL'.

 

IF lv_destination IS INITIAL OR lv_destination EQ 'NONE'.

 

  TRY.

      CALL FUNCTION lv_rfc_name

        EXPORTING

          so_id          = so_id

        TABLES

          return        = return

          itemdata      = itemdata

        EXCEPTIONS

          system_failure = 1000 message lv_exc_msg

          OTHERS        = 1002.

 

      lv_subrc = sy-subrc.

*in case of co-deployment the exception is raised and needs to be caught

    CATCH cx_root INTO lx_root.

      lv_subrc = 1001.

      lv_exc_msg = lx_root->if_message~get_text( ).

  ENDTRY.

 

ELSE.

 

  CALL FUNCTION lv_rfc_name DESTINATION lv_destination

    EXPORTING

      so_id                = so_id

    TABLES

      return                = return

      itemdata              = itemdata

    EXCEPTIONS

      system_failure        = 1000 MESSAGE lv_exc_msg

      communication_failure = 1001 MESSAGE lv_exc_msg

      OTHERS                = 1002.

 

  lv_subrc = sy-subrc.

 

ENDIF.


Viewing all articles
Browse latest Browse all 2151

Trending Articles