Registration

Dear SAP Community Member,
In order to fully benefit from what the SAP Community has to offer, please register at:
http://scn.sap.com
Thank you,
The SAP Community team.
Skip to end of metadata
Go to start of metadata

Security is an important aspect when you create Web applications using BSP programming. It has feature which you can use while programming it and also when you use BSP created pages.

Security in AS-ABAP : Application Server-ABAP.

It has following aspects to it :

1) Network infrastructure: Network needs to support the communication necessary for  business  needs without allowing unauthorized access. Network topology can eliminate many security threats based on software flaws and prevents network attacks. SAP offers general recommendations defining   network topology, which include using a firewall and other intermediary devices, such as  SAP Web dispatcher and the SAProuter. At the transport layer, the SAP NetWeaver products support the use of the Secure Sockets Layer (SSL) protocol and Secure Network Communications (SNC).

2)Security in AS-ABAP:  The SAP Web Application Server supports  security features which is used  when running your applications. Such as   Support of the Secure Sockets Layer (SSL) protocol and    User authentication using    Logon tickets   or  X.509 client certificates.

3)Configuration of SSL Support: It contains a checklist which include installing cryptographic library  on the application server, seting profile parameters etc .

 P.S http://help.sap.com/saphelp_nw70/helpdata/en/65/6a563cef658a06e10000000a11405a/frameset.htm

4)Logon ticket cache:Its used   for increasing performance when there are multiple logons

It is used to increase the speed of the logon  for a specific user, after user has logged on for the first time.

.Its set up using profile  parameters such as login/create_sso2_ticket , login/accept_sso2_ticket. Its like a cookie ,the logon ticket is stored in a non-persistent HTTP cookie in the user's Web browser.When a user  logs  on to SAP Web Application Server using a logon ticket, the system searches the cache memory. If the system finds a cache entry for this logon ticket, it reads the logon information from the cache memory.

5)Virus scan profiles :SAP delivers virus scan profiles for ABAP .They are /SCET/GUI_UPLOAD ( used when uploading a file to sap using GUI_UPLOAD) and /SIHTTP/HTTP_UPLOAD (used by the BSP framework )

6)Virus scan interface : Virus Scan Interface to include external virus scanners in the SAP system to increase the security.Its used to scan files or documents that are processed by applications for viruses.

7) Internet communication manager:Used for communication between the SAP System (SAP Web Application Server) and the internet via HTTP, HTTPS and SMTP protocols.


  • No labels