13.09.2018

SAP Security: Code injection by logical databases.

Starting from Version 7.50, SAP has now declared logical databases obsolete. This, however, is a security risk that could impact any report.

Logical databases were once very popular. Complex selections were relatively easy to portray and effort-intensive reports were unnecessary. Users also appreciated the way dynamic selection worked, which encouraged developers to use the technique more and more. Starting from Version 7.50, SAP has now declared logical databases obsolete. Consequently, it advised against creating new logical databases, but allowed the old ones to continue as if nothing had happened. This, how-ever, is a security risk that could impact any report.

Go to SAST BLOG

Rubriken

Practical tips

Beitrag teilen

Go back

.ncoi---behind.ncoi---no-transition.ncoi---hidden.ncoi---on-no-script{display:flex!important;visibility:unset!important;opacity:1!important}.ncoi---behind.ncoi---no-transition.ncoi---hidden.ncoi---on-no-script-hidden{display:none!important;visibility:hidden!important;opacity:0!important}

Privacy settings

Click »Info« to see a list of the used cookies. You can give your consent to the required cookies or statistic cookies. The selection is optional. You can change these settings or delete the cookies in the browser at any time. If you select the »Statistics« option, your opt-in consent also extends to processing in the USA, which is considered by the European Court of Justice as a country with an insufficient level of data protection. Please find further information in our privacy statement.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.

Group	external media
Name	YEXT -Search
Technical name	yext
Provider	Yext GmbH
Expire in days	0
Privacy policy	https://www.yext.de/privacy-policy/
Use	Enables intelligent search via YEXT.
Allowed
Group	external media
Name	Google Maps
Technical name	googleMaps
Provider
Expire in days	6491
Privacy policy
Use	Enables the use of Google Maps.
Allowed
Group	external media
Name	YouTube
Technical name	youTube
Provider
Expire in days	0
Privacy policy
Use	Enables the use of the Youtube video player.
Allowed
Group	statistics
Name	Google Analytics
Technical name	_gat,_gtag_UA_141664271_1,_gid,CONSENT,NID,ANID,1P_JAR
Provider	Google LLC
Expire in days	730
Privacy policy	https://policies.google.com/privacy
Use	Cookie by Google for website analysis. Generates anonymous statistical data about how the visitor uses the website.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider
Expire in days	0
Privacy policy
Use	Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Group	essential
Name	Contao HTTPS CSRF Token
Technical name	csrf_https-contao_csrf_token
Provider
Expire in days	0
Privacy policy
Use	Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Group	essential
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider
Expire in days	0
Privacy policy
Use	PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Group	essential
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider
Expire in days	0
Privacy policy
Use	Saves information of a visitor as soon as he logs in to the frontend.
Allowed
Group	statistics
Name	Google Repcatcha
Technical name	googleRepcatcha
Provider	Google LLC
Expire in days	0
Privacy policy	https://policies.google.com/privacy
Use	Protect from spam.
Allowed
Group	statistics
Name	ClickDimensions
Technical name	cuvid,cusid,cuvon,cd_optout_accountkey
Provider	ClickDimensions
Expire in days	730
Privacy policy	https://clickdimensions.com/solutions-security-and-privacy/
Use	Cookie from ClickDimensions for website analysis. Generates anonymous statistical information about how the visitor uses the site.
Allowed

Imprint Privacy

Change cookie decision