Purpose
Perform your own safety checks
Solution
In general, perform all security checks in ABAP, not in the HTML files (JavaScript), since checks in the HTML files can be disabled with a local debugger.
* logon user
method logon.

* check URL
  if s10session->clienturl ne 'https://www.mycismobile.com:44300/sap/bc/bsp/s10/cis'.
    s10errormessage( 'Access denied, wrong URL' ).
  endif.

* check authorization for transaction VA01
  authority-check object 'S_TCODE'
    id 'TCD' field 'VA01'.
  if sy-subrc ne 0.
    s10errormessage( 'SAP authorization for transaction VA01 required' ).
  endif.

endmethod.
Components