/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
Passing sensitive information in URL is against recommended security best practices. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referrer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
Resolution
This is a known limitation that has been reported to our Product Managers. If you would like to be notified on the status, please create a ticket in the SAP Support Launchpad and reference the ticket number: SPM-9362
There's a partial fix for restricting access to private URLs in our software which denies every access besides embedding. A support engineer should be able to enable the feature package called "deprecatePurl" for this tenant and all of its users to disable general access and creation of those links. Be aware that links might break due to this change and will no longer be accessible via authkey. There you can remove the authKey from the URL and login in as usually.
Keywords
KBA , BPI-SIG-HUB , SAP Signavio Process Collaboration Hub , Product Enhancement
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)