IMG Activity
ID | ERC_V77RCF_PAGES | Store ICF Paths to Services as Permitted Navigation Targets |
Transaction Code | S_PES_12000036 | (empty) |
Created on | 20081216 | |
Customizing Attributes | ERC_V77RCF_PAGES | Store ICF Paths to Services as Permitted Navigation Targets |
Customizing Activity | ERC_V77RCF_PAGES | Store ICF Paths to Services as Permitted Navigation Targets |
Document
Document Class | SIMG | Hypertext: Object Class - Class to which a document belongs. |
Document Name | ERC_V77RCF_PAGES |
Use
In this Customizing activity, you store the permitted navigation targets (services) for the Web Dynpro applications HRRCF_A_PW_VIA_EMAIL_EXTERN or HRRCF_A_PW_VIA_EMAIL_INTERN (Forgotten your password?) and the BSP application HRRCF_PASSWORD (Management of Users' Passwords).
These Web applications of SAP E-Recruiting are susceptible to Cross-Site Request Forgery (CSRF) attacks. The risk is that an attacker could replace a navigation target with one of his or her own choosing. When a user then uses the Back button in the applications listed above, the program would navigate to this manipulated target.
It is necessary to perform this Customizing activity only if you have:
- Replaced the navigation targets delivered in the standard system with your own services
- Defined external aliases
The system checks the table entries of the stored navigation targets and outputs a message for any navigation targets that are not stored. In this way, it is not possible to navigate to targets that are not stored.
Requirements
Standard settings
In the standard system, we deliver the V77RCF_PAGES table that contains the relevant navigation targets for the standard system.
Activities
Store the path to the service for each service that you want to use as a navigation target of the applications listed above instead of the targets provided in the standard system.
Entries in the table overwrite the entries that are delivered in the standard system.
- Enter an alias for the path to the service.
- Enter the path to the service. Depending on how you determine your URLs, for BSP services, it may be necessary for you to enter the controller of the BSP application (APPLICATION.DO) as part of the path, in addition to the service name. For more information, see transaction SICF (Maintain Services).
Example
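The check described under Use and the overwrite rule under Activities, as an added illustration in Python; this is not SAP code and not part of the original documentation. The aliases, paths, same-alias overwrite and exact-path matching are assumptions of this sketch, and the table content is constructed.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed stand-ins for table content. Aliases and paths are placeholders,
# not the entries SAP delivers in V77RCF_PAGES.
DELIVERED = {
    "START_EXT": "/sap/bc/webdynpro/sap/example_start_extern",
    "PASSWORD": "/sap/bc/bsp/sap/example_password",
}
# Customer entry for a replaced BSP service, with the controller in the path.
CUSTOMER = {
    "PASSWORD": "/sap/bc/bsp/sap/z_example_password/application.do",
}


def normalize(path):
    """Collapse dot segments and drop a trailing slash."""
    return posixpath.normpath(path.strip())


def effective_targets(delivered, customer):
    """Assumed rule: a customer entry overwrites the delivered entry
    that has the same alias."""
    merged = dict(delivered)
    merged.update(customer)
    return {alias: normalize(path) for alias, path in merged.items()}


def check_target(requested, targets):
    """Return (allowed, message) for a requested navigation target."""
    parts = urlsplit(requested)
    # Stored targets are local service paths, so anything naming a scheme
    # or host can never match and is rejected before the lookup.
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        return False, f"Navigation target {requested!r} is not a local path"
    path = normalize(parts.path)  # the query string is ignored for matching
    if path in targets.values():
        return True, ""
    return False, f"Navigation target {path!r} is not stored"


TARGETS = effective_targets(DELIVERED, CUSTOMER)
```

Once the customer entry overwrites the delivered `PASSWORD` entry, the delivered path itself is no longer an accepted target in this model.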
Business Attributes
ASAP Roadmap ID | 204 | Establish Functions and Processes |
Mandatory / Optional | 2 | Optional activity |
Critical / Non-Critical | 2 | Non-critical |
Country-Dependency | A | Valid for all countries |
Assigned Application Components
Documentation Object Class | Documentation Object Name | Current line number | Application Component | Application Component Name |
---|---|---|---|---|
SIMG | ERC_V77RCF_PAGES | 0 | ALN0000022 | E-Recruiting |
Maintenance Objects
Maintenance object type | C | Customizing Object |
Assigned objects
Customizing Object | Object Type | Transaction Code | Sub-object | Do not Summarize | Skip Subset Dialog Box | Description for multiple selections |
---|---|---|---|---|---|---|
V77RCF_PAGES_C | V - View | SM30 | | | | |
History
Last changed by/on | SAP | 20081216 |
SAP Release Created in |