The flaw was fixed in the latest version of MaxDB 7.6.00.31. "It is possible to execute arbitrary code with the privileges of the 'wahttp' process by sending a malformed HTTP request. Authentication is not required for successful exploitation to occur," according to a security advisory issued by Symantec.
As a temporary workaround, MaxDB customers can disable the SAP-DB WWW Service or restrict access to it, according to Symantec. SAP customers can download the latest version at www.service.sap.com. In 2004, SAP entered into an agreement with open source database maker MySQL to cross-license SAP DB.
The open source database was then rebranded MaxDB. It is optimized to run in conjunction with the mySAP Business Suite and the MySQL database management system.
However, buzz does not automatically translate into actual implementations — at least not this year.
"I think Duet looks like a great way to deliver SAP functionality to end users," said Paul Krier from Johnsonville Sausage, Sheboygan, Wisc. "We may be able to use Duet in the Portal we are putting together, but at this point we use Lotus Notes as our email server, so I think we are a ways off from implementing Duet into our systems."
Colin Ross from Australian steel firm OneSteel echoes the positive sentiment. He considers the ability to run quick and easy reports directly in MS Outlook as the biggest benefit of Duet, and foresees his company getting on the Duet bandwagon in 2007.
"[This is a] nice product. I think it will be especially useful for users who only interact occasionally with SAP," Ross said.
Dan Amend from Tuthill Corp., Burr Ridge, Ill., likes what he has heard so far but isn't ready to get in the game quite yet.
"We do not use much of the HR functionality in SAP," Amend said. "Most of the early Duet demos focused on T&E-type functions, so we have not gone too far with it. As it moves more into the financial arena with budgeting and analytics, we will get more interested in it."
Based on the responses we've seen, it seems many have chosen a slow and careful approach to Duet — but they'll probably get Duet with it in the end. This cautious angle has the proven benefit of having the early adopters clear the inevitable land mines before they take the plunge in 2007 and beyond. There were some downsides to Duet, however.
Bryan Beasley from CMC Steel Group is currently working on the blueprinting of their SAP implementation. He works largely with Microsoft development, so this is a natural area of interest to him. Still, he has some reservations about Duet at this point in time.
"Based on reading and nothing hands-on, from what I can tell, the feature set is still somewhat limited," Beasley said. "In other words, it seems it may be hard for enterprise to cough up the bucks for a product that will have limited impact and will probably increase support costs in the short term.
"What I have not seen from SAP is really how is it cost effective to develop something in Duet versus other environments such as Sharepoint, VS.NET or something more custom to SAP. And what about distribution and management of Duet solutions?"
Fellow SAP professional Sunil Aghi is generally very positive about Duet, but he did point to the Achilles heel of cost. This was something of a common thread, as cost and excessive upgrade requirements on the SAP end appear to be the most frequently mentioned concerns for SAP professionals.
"I see the success coming gradually, over a medium term horizon of 2-3 years," Aghi said. "[However,] cost, and upgrades, could be a deterrent."
Another question that came up was that of Exchange. What if you don't want to use Exchange? Many companies don't because of security concerns, one reader pointed out.
General distrust of Microsoft and its history of occasionally playing hardball with customers is another sticking point. The old Microsoft vs. Open Source debate appears to be alive and well.
"My biggest worry is that Duet is tied into Microsoft and does not allow for any latitude in the Open Source area (e.g. open office)," said Carl Cavendish-Davies from Barloworld Equipment. "This will heavily influence our decisions here as we are in a three-year cycle of migrating and proving the use of an Open Source Operating System."
So what's the final verdict on Duet? You be the judge! Check out our Special Report: Duet in a nutshell for a rundown of the benefits and technical specs you need to know. Tune into our latest podcast for an interview with Duet skeptic Jim Murphy of AMR Research. Then test your Duet knowledge in our Quiz: Duet 101.
Matt Danielsson, Editor
In this podcast, Murphy explains why he believes customers should be cautious about the costs and long-term viability of Duet.
We are pleased to bring to you the SAP Exchange Infrastructure (XI) All-In-One guide. SAP XI is one of the mandatory four components that make up the NetWeaver platform. SAP XI is used for B2B and application-to-application integration. Consider it a superhighway for all enterprise advanced communications. Not only does SAP XI connect systems within an organization and among third-party vendors, but it also houses SAP's Business Process Management (BPM) unit and is a launching point for the service-oriented architecture. Check out some examples:
My version of 'XI 3.0 for Dummies'
What is the future of ALE/EDI and IDocs, in light of XI
Why BPM is good for you
This SAP XI All-In-One guide is your one-stop reference for all things SAP XI. Bookmark this guide because as NetWeaver and XI continue to grow, so will this guide.
There aren’t a lot of users because Duet has been generally available for less than a year. But already Lotus Notes users are debating the viability of the product as well as SAP’s integration with Notes. Notes has many of the same scenarios covered by Duet.
The AMR survey found that at best only about 29% of customers surveyed have the software and hardware requirements in place for specific Duet scenarios. The Lotus folks are arguing that Notes can be installed and integrated with SAP at a lower cost and without upgrading to the latest version of SAP.
In addition, 27 out of 74 survey respondents had reservations about adopting Duet. Some cited the need to upgrade to the latest version of SAP, some saw substantial hidden costs, and others were using IBM's Lotus Notes for groupware processes.
SAP clearly isn’t yet making the case that Lotus users should even consider Duet. The majority of its user base are Microsoft Outlook users. And I’m not sure it’s SAP’s aim to target IBM’s Lotus Notes users with Duet.
I asked the question of whether a Lotus Notes user would see enough value in Duet to make the switch. SAP’s Kevin Fliess said that it would be an evaluation over groupware and went on to tout the various Duet scenarios. I don’t think it’s a question of which integrates better with SAP – Duet or Notes. If you are an SAP-Lotus shop, chances are you’ll look into its SAP integration features. If you are a Microsoft shop, you’ll look into Duet.
Well, it seems like SAP is starting to get it. Yesterday, a Business Week story reported on the simplification of Business One, where both implementation and management have been streamlined enough that we now seem to be hitting that magic tipping point where the practical benefits of SAP outweigh the hassle. Costs are being pushed down too — less than $10,000 for a complete Business One installation is not out of reach for a small company once you factor in the productivity gains and overhead savings. Business One's big brother, All-in-One, is also making rapid strides.
So SAP is making headway on its aggressive downstream push. That's fine and dandy, but the obvious question is, what's going to happen with the Microsoft relationship? In the top end of the market, SAP and Microsoft are quite chummy. Duet is gaining a lot of attention. Rightfully so, if you ask me, since it's a cool technology and it seems like a strategically correct path at least for SAP. When asked whether there are more joint SAP-Microsoft products on the horizon, Shai Agassi wouldn't commit to anything but clearly left the door open: "We'll see how Duet plays out — if it's successful, we may look into other areas." That sounds pretty promising to me.
For the small- and midsize market, things get more interesting. Joshua Greenbaum wrote about this in a recent column, pointing to the cautious dance the two are currently engaged in. What's going to happen when Dynamics GP, AX, NAV and so forth get rolled into one single product in 2008? Will Microsoft continue to sit idly by watching SAP bag the fattest account? Doesn't seem like the 'softie style. We're already seeing some headlines pop up hinting at things to come. Microsoft was careful to use diplomatic wording when it ditched SAP in favor of Dynamics for its Home and Entertainment division, but they couldn't resist plugging the "two-to-four times cheaper" angle in their announcement. Shortly thereafter, military supplier BlackHawk chose Dynamics over SAP because of simplicity and ease of integration. When the new version of Dynamics AX was released in June this year, cost and ease of use came up once again.
There's potential for great things, and there's potential for war. Only time will tell how this is going to play out, but there's potential upside for SAP and Microsoft users alike. In the meantime, we're going to look into the more practical aspects of just how Dynamics stacks up against SAP's All-in-One.
In October this year, we will have two experts argue the case for All-in-One vs. Dynamics in a side-by-side face-off column. Those of you who followed the SAP vs. Oracle face-off between Josh Greenbaum and Faun deHenry earlier this year will recognize the format; we aim to move beyond marketing dogma and take a hard look at the practical, real-life pros and cons of either solution so that users can make the best choice for their companies. We have veteran expert Axel Angeli spearheading the All-in-One side of the argument, so expect the gloves to be off. Stay tuned!
Foote is well known for his firm’s hot technical skills and certification pay index. So far, 51% of 54,000 IT pros surveyed are receiving technology-related skill pay in their compensation packages, according to Foote’s firm.
Every category of non-certified skills showed positive annual growth, according to Foote. The firm’s latest quarterly research covers the period of April 1 through July 1.
Among the fastest growing non-certified skill areas:
Some specific areas that are hot: NetWeaver; SAP modules: Payroll, PS, HR, SD, CA, CO, FI; and Oracle enterprise applications. WebSphere, SUN Java System Messaging Server and Microsoft .NET skills were also big performers.
Certifications are also paying well, according to Foote. “Certifications continue to be worth more on average for IT workers who choose to make the effort to obtain them,” Foote said in his report.
Among the fastest growing certified skill areas:
Non-certified skills are growing at a faster rate than certified skills. Still, employers are looking at how an applicant has used his or her skills. To get that job, you have to demonstrate you can use the skills you place on your resume.
SearchSAP will be covering Foote's research over the next week or so. Stay tuned.
Human resource management is never going to get smaller or easier. In fact, human capital is the most valuable raw material we have. Take advantage of our comprehensive HR Learning Guide and keep your personnel professional.
Juli – Assistant Editor
Well, now we've gathered it all in a one-stop-shop feature: the SAP Jobs info center! Here you have fresh tips, relevant news stories, guides and of course the ever-present wisdom of Jon Reed to help you move up the SAP ladder. Browse it today, and check back as we're adding new features every day!