1

When I am using the code SY-UNAME == "anyname" and providing a value of any user name, it gives me a backdoor injection vulnerability. Is there any way I can fix this?

rene
Ranjith N

2 Answers

5

These constructs are often used by developers in the development system to not impact other users with some experimental code. To make sure that these get removed before transport to QA and production you can create a custom rule for the code inspector (transaction SCI) and enforce running the code inspector in your code review process before changes are moved.

This blog explains how to create these rules.

Gert Beukema
4

Yes. Make it a rule not to use such code. It is not good programming. There is no reason why such code should be required. If you need to restrict access to a program, it should ideally be restricted based on authority objects or preferably using roles, depending on what you need.

TheG
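An added example, not code from the question or from either answer: the hard-coded user name check that gets flagged, next to an authorization-object check of the kind the second answer recommends. The report name, the form names and the authorization object `Z_DEMO_RUN` are hypothetical; the object is assumed to have been created (transaction SU21) with the standard field `ACTVT` and assigned to users through a role.

```abap
REPORT z_demo_uname_check.

DATA gv_allowed TYPE abap_bool.

START-OF-SELECTION.
  " Only the authorization-based check is called. The user-name variant
  " below is kept for comparison and must not reach QA or production.
  PERFORM check_by_authorization CHANGING gv_allowed.
  IF gv_allowed = abap_false.
    MESSAGE 'No authorization for this function' TYPE 'E'.
  ENDIF.
  WRITE / 'Restricted logic runs here'.

* Flagged pattern: access depends on a user name written into the source.
* Changing who has access needs a code change and a transport, and the
* access is invisible to role and authorization reporting.
FORM check_by_user_name CHANGING cv_allowed TYPE abap_bool.
  cv_allowed = abap_false.
  IF sy-uname = 'ANYNAME'.
    cv_allowed = abap_true.
  ENDIF.
ENDFORM.

* Replacement: the decision is made by the authorization system.
* Z_DEMO_RUN is a hypothetical custom authorization object;
* activity '16' is the standard ACTVT value for "Execute".
FORM check_by_authorization CHANGING cv_allowed TYPE abap_bool.
  cv_allowed = abap_false.
  AUTHORITY-CHECK OBJECT 'Z_DEMO_RUN'
    ID 'ACTVT' FIELD '16'.
  " sy-subrc = 0 means the user holds the authorization; any other
  " value (4, 12, ...) is treated as "not allowed".
  IF sy-subrc = 0.
    cv_allowed = abap_true.
  ENDIF.
ENDFORM.
```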