
Keyboard loggers are a type of spyware that captures all of a user's keystrokes and sends them back to the attackers. Sensitive information such as user names and passwords can be stolen using keyboard loggers.

The threat is greater in an extranet setup. When your business partners are accessing your portal, you need to pay attention to security and ensure that their login credentials are not stolen.

You can avoid the problems created by keyboard loggers by using virtual keyboards. You will have noticed these on many banking websites. The figure below shows a customized portal login screen.

[Figure: Virtual Portal Keyboard]

 

For this virtual keyboard I've used an open-source JavaScript library, JavaScript Virtual Keyboard by Dmitry Khudorozhkov. You can download the library from the CodeProject site. It is distributed under the zlib/libpng license.

 

The steps you need to follow are very simple

 

  1. You can either modify the standard portal login application (com.sap.portal.runtime.logon.par) and deploy it as a new archive, or you can create your own
  2. From the JavaScript library, place the vkboard.js file in the scripts folder
  3. Modify the JSP files and place the keyboard. Check the library documentation. It is simple
  4. Register the j_user and j_password input fields with the library so that they receive input from the virtual keyboard
  5. Deploy the par file
  6. Modify the UME configuration to use the new login module
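
Steps 3 and 4 in practice, as an added example that is not from the original post or from the library: a callback that routes virtual-key presses into the `j_user` and `j_password` fields. The special key names (`BackSpace`, `Enter`), the two-argument `VKeyboard` constructor call and the `keyboard` container id are assumptions to verify against the library documentation.

```javascript
// Only these two logon fields may receive virtual-keyboard input.
const LOGON_FIELDS = ["j_user", "j_password"];

// fields: { j_user: <input>, j_password: <input> } (any objects with a .value string)
// onSubmit: called when the virtual Enter key is pressed
function createLogonKeyRouter(fields, onSubmit) {
  let active = fields.j_user; // user name is the default target

  return {
    // Switch the target field; reject anything that is not a registered logon field.
    focus(name) {
      if (!LOGON_FIELDS.includes(name)) {
        throw new Error("unregistered field: " + name);
      }
      active = fields[name];
    },
    // Callback handed to the virtual keyboard: one string per key press.
    // "BackSpace" and "Enter" are ASSUMED names for the special keys.
    onKey(key) {
      switch (key) {
        case "BackSpace":
          active.value = active.value.slice(0, -1);
          break;
        case "Enter":
          onSubmit();
          break;
        default:
          // Append printable characters only; ignore other named keys.
          if (key.length === 1) active.value += key;
      }
    },
  };
}

// Browser wiring for the modified logon JSP (skipped outside a browser).
if (typeof document !== "undefined") {
  const form = document.forms[0]; // assumption: the logon form is the first form
  const fields = {
    j_user: form.elements["j_user"],
    j_password: form.elements["j_password"],
  };
  const router = createLogonKeyRouter(fields, () => form.submit());
  for (const name of LOGON_FIELDS) {
    fields[name].addEventListener("focus", () => router.focus(name));
  }
  // Assumed constructor form: container element id, then the key callback.
  new VKeyboard("keyboard", router.onKey);
}
```
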

 

You are ready and safe from keyboard loggers.


4 Comments


    1. Prasanna Krishnamurthy Post author
      Hi,

      How do you ensure that the new portal application will handle user authentication?
      By login module customization, I was referring to changes to the authschemes.xml file and putting the newly developed par file to be used for authentication.

      Best Regards,
      Prasanna Krishnamurthy

  1. Thomas Alexander Ritter
    Unfortunately, very good trojans take screenshots, compress them and send them to their master. It is even quite easy to decide when screenshots should be taken (https connection, the strings “login”, “submit” somewhere,…). For me this is a placebo. The IT department has to make sure that the computer is clean and stays clean. People should not think they are safe when they click on images…
    cheers Thomas
    1. Prasanna Krishnamurthy Post author
      I agree with you, it's difficult to have a completely secure setup.

      At least we can protect the users from bad trojans 🙂 and wishing that this reduces the exposure to trojans by 70%…

      Thanks and Regards,
      Prasanna Krishnamurthy

