Use
Before external commands are executed, the additional parameters passed are checked. If "illegal" characters are found in the process, the command is not executed and the exception SECURITY_RISK is triggered. These illegal characters have been defined specific to operating systems, as displayed below:

Table: Illegal Characters for Parameters

Operating System    Illegal Characters
AIX                 | & ; ^ \ < > `
HP-UX               | & ; ^ \ < > `
Windows NT          | & < > ( )
VMS
other               | & ; ^ \ < > `

If you want to prohibit the use of other characters, SAP recommends that you use check modules. If you want to avoid these restrictions, you should use shell scripts or in-house C programs.
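
The following Python sketch is an added illustration, not SAP code: it models the documented parameter check with the character sets from the table above, plus an optional stricter rule in the role of a check module. The names `check_parameters`, `allowlist_check`, `is_allowed` and the `SecurityRisk` class are assumptions made for this example.

```python
import string

# Illegal characters per operating system, copied from the table above.
UNIX_SET = set("|&;^\\<>`")
ILLEGAL = {
    "AIX": UNIX_SET,
    "HP-UX": UNIX_SET,
    "Windows NT": set("|&<>()"),
    "VMS": set(),  # the table lists no characters for VMS
}


class SecurityRisk(Exception):
    """Stands in for the SECURITY_RISK exception named on the page."""


def check_parameters(opsys, params, check_module=None):
    """Return params unchanged, or raise SecurityRisk if they are refused.

    opsys        -- operating system name as written in the table
    params       -- the additional parameters string
    check_module -- optional callable(params) -> bool applying stricter
                    rules (hypothetical stand-in for an SAP check module)
    """
    illegal = ILLEGAL.get(opsys, UNIX_SET)  # unknown names use the "other" row
    found = sorted(set(params) & illegal)
    if found:
        raise SecurityRisk(f"illegal characters for {opsys}: {found}")
    if check_module is not None and not check_module(params):
        raise SecurityRisk("rejected by check module")
    return params


def allowlist_check(params):
    """Stricter rule: accept only letters, digits and - _ . / space."""
    allowed = set(string.ascii_letters + string.digits + "-_./ ")
    return set(params) <= allowed


def is_allowed(opsys, params, check_module=None):
    """Boolean wrapper around check_parameters for callers and tests."""
    try:
        check_parameters(opsys, params, check_module)
        return True
    except SecurityRisk:
        return False
```

The blocklist and the allow-list answer different questions: the first refuses a fixed set of characters per platform, the second refuses everything not explicitly permitted, which is the kind of additional restriction a check module is meant to carry.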
See also:
Check Modules
Illegal Changes to External Commands
Syslog Trace and System Alert Monitor