Kontakt

Ansicht
Dokumentation

ERC_V77RCF_PAGES - Store ICF Paths to Services as Permitted Navigation Targets

ERC_V77RCF_PAGES - Store ICF Paths to Services as Permitted Navigation Targets

SUBST_MERGE_LIST - merge external lists to one complete list with #if... logic for R3up   Fill RESBD Structure from EBP Component Structure  
This documentation is copyright by SAP AG.
SAP E-Book

In this Customizing activity, you store the permitted navigation targets (services) for the Web Dynpro applications HRRCF_A_PW_VIA_EMAIL_EXTERN or HRRCF_A_PW_VIA_EMAIL_INTERN (Forgotten your password?) and the BSP application HRRCF_PASSWORD (Management of Users' Passwords).

These Web applications of SAP E-Recruiting are susceptible to Cross-Site Request Forgery (CSRF) attacks. There is a risk here that a potential hacker could swap a navigation target with a navigation target of his or her own choosing. When a user uses the Back button in the applications listed above, the program would then go to this manipulated target.

It is necessary to perform this Customizing activity only if you have

  • Replaced the navigation targets delivered in the standard system with your own services
  • Defined external aliases

The system checks the table entries of the stored navigation targets and outputs a message for any navigation targets that are not stored. In this way, it is not possible to navigate to targets that are not stored.

In the standard system, we deliver the V77RCF_PAGES table that contains the relevant navigation targets for the standard system.

Store the path to the service for each service that you want to use as navigation targets of the applications listed above instead of those provided in the standard system.

Entries in the table overwrite the entries that are delivered in the standard system.

  1. Enter an alias for the path to the service.
  2. Enter the path to the service. Depending on how you determine your URLs, it may be necessary in the case of BSP services to enter the controller of the BSP application (APPLICATION.DO) in addition to the path and the service name. For more information, see transaction SICF (Maintain Services).






PERFORM Short Reference   General Data in Customer Master  
This documentation is copyright by SAP AG.

Length: 2208 Date: 20240523 Time: 203722     sap01-206 ( 48 ms )