Parameter
gw/reg_info
Short text
External security filename for gateway
Parameter Description
This parameter can be used to protect external programs against being registered. Unauthorized registration of programs can be prevented by maintaining the file reginfo in the data directory of the gateway instance.
If the file exists, the system searches for valid registration entries in this list. If it does not exist, the system searches the gw/sec_info file, as before.
Using the reginfo file makes it possible to define the entries more precisely than before.
The syntax of the entries in this file is as follows:
TP=[tp] [HOST=[hostname]] [NO=[n]] [ACCESS=[hostname,…]] [CANCEL=[hostname,…]]
Certain programs can be allowed to register from an external host by specifying the relevant information.
Valid TP name:
No restriction : *
TP name        : foo
Start of name  : foo*
Valid host name:
No restriction : *
Host name      : sapprod, for example
IP address     : 192.1.1.3
Domain         : *.sap.com
Subnet address : 192.1.1.*
Examples of valid entries:
TP=*                  All registrations allowed
HOST=* TP=foo*        All registrations that start with foo, but not f or fo
HOST=*.sap.com TP=*   All registrations from domain *.sap.com are allowed
If the TP name is specified without wildcards, the number of registrations allowed can be specified too.
Example:
HOST=* TP=foo NO=1
This means that only one program can be registered with the name foo. All other attempts to register a program with this name are rejected.
To control access from the client side too, you can define an access list for each entry. This is a list of host names that must comply with the rules above. '*' is not allowed, however. If no access list is specified, the program can be used from any client. The local gateway where the program is registered always has access.
Note that the check is made on the basis of hosts and not at user level.
For example:
HOST=* TP=foo ACCESS=*.sap.com
Program foo can only be used by hosts from domain *.sap.com. Access attempts coming from a different domain will be rejected.
The CANCEL list can be used to define whether other clients can terminate the registered program. The same rules apply for this list as for HOST or ACCESS.
For example:
HOST=* TP=foo ACCESS=*.sap.com CANCEL=*.wdf.sap.corp
Program foo can only be terminated by clients that have logged on from domain wdf.sap.corp.
Application Area
Gateway
Parameter Unit
File
Default Value
[Data directory]/reginfo
Who is permitted to make changes?
Customer
Operating System Restrictions
None
Database System Restrictions
None
Are other parameters affected or dependent?
None
Values allowed
File name