Improved Protection Versus Logon XSRF

By default, SAP NetWeaver Application Server (AS) Java enables automatic logon with just the user ID and password as URL parameters. This simplifies some scenarios, but it also exposes the logon to cross-site request forgery (XSRF). To improve protection against logon XSRF attacks, we recommend that you disable the authentication property Enable Automatic Logon with User ID and Password (ume.logon.userpwd_automatic_logon), that is, set it to false. See also SAP Note 1441999.

For more information about configuring authentication properties, see Configuring Authentication Properties.