7.8 Whitelist

You need to protect your system from security risks that result from navigating to external Web sites that may damage your system. This can be achieved by restricting the access to Web sites. By default, NWBC uses the Internet Explorer (IE) Security zones model that allows you to assign security zones and levels for Web sites that your system accesses. With this, additional whitelist entries are not required, but you may still define whitelist entries equivalently to the IE security zones model.

For example, an ABAP transaction on system ABC calls a remote transaction on system XYZ. To allow this navigation, you need to create a whitelist entry for system XYZ. Another example for an external target is a Web navigation to http://www.google.com.

You can define whitelist entries in the following locations, depending on the back-end system type and release:

• File in the admin folder

• Table HTTP_WHITELIST in ABAP back end

To disable the whitelist, do not define any entry. That is, leave the whitelist empty (default). For whitelist entries, you should always specify the fully qualified domain name that includes the domain. For file:// URLs, you can also specify UNC paths to network shares.

Example: file://\\myhost\myshare\some\path\*

In all cases, an entry for the connected system is created automatically (dynamically) on the client.

The following table shows which combination applies depending on the release and back-end system type and also specifies the location where to define the whitelist:

(*) To find the NWBC server version in NWBC for Desktop, choose  Help  About NWBC  System Info .

The NWBC server version is always 3.5 with SAP NetWeaver 7.0 EHP3/7.31 or higher.

7.8 Security Zones in Internet Explorer

For more information about table HTTP_WHITELIST, see Security Risk List.