Interface Transmission Encryption & Password Encryption

Former Member
0 Kudos

When a user logs on to the system through the GUI, is the password going clear text or is it encrypted? What about the Portal?

Also, if there is an interface between two SAP systems, do the IDocs go through using an encrypted protocol (internal network) or is that something you have to implement? Should we be encrypting the transmission? Does SAP provide the functionality or is it something extra?

Thanks,

4 REPLIES

tim_alsop
Active Contributor
0 Kudos

Hi,

With SAP GUI the password is normally entered in the login screen and passed to the SAP server in compressed format, so it is not very secure. This is why SNC is becoming very common. When you use SNC to authenticate during logon with SAP GUI, there is no password transmission, not even an encrypted password. If you are concerned about security, I suggest you look at using SNC for authentication with SAP GUI.

Thanks,

Tim

Former Member
0 Kudos

Thank you all. What about interfaces? Is it the same concept?

I just read something online that confused me saying that if the saprouter is used, SNC is not needed. Don't get it?

http://help.sap.com/saphelp_nw04/Helpdata/EN/21/c6a73860bf5f2ce10000009b38f8cf/frameset.htm

Thanks,

mvoros
Active Contributor
0 Kudos

Hi,

Yes, you have two options. The first one is to use SNC to secure communication between two SAP gates. The second one is to create a secure channel using SAP router. Here is a scheme from the SAP documentation: gateway1 – SAProuter1 – SAProuter2 – gateway2. Again, SAP router will use SNC to secure communication.

Cheers

mvoros
Active Contributor
0 Kudos

Hi,

As was mentioned, by default the password is sent as plain text when you use SAP GUI. Actually, it's obfuscated, but by a fixed transformation, so there is no difference. The portal security depends on what protocol you use to access it. HTTPS is the way to go if you don't want passwords in plain text form. IDocs are usually transferred using an RFC call, and there is a similar situation as in GUI. By default the password goes as plain text unless you use SNC.

I would suggest you start with the security guides for your SAP products. You can find them on service.sap.com/securityguides (http://service.sap.com/securityguide) and they contain answers for all your questions.

Cheers
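
Added example (not part of the thread, and not SAP's own code): a small Python check that reads an instance profile and reports the SNC settings under which SAP GUI or RFC connections, the two paths discussed above, can still run without SNC or without encryption. The profile text is constructed, the function names are hypothetical, and parameters that are not set in the profile are assumed to be left at the kernel default and are not flagged.

```python
# Constructed sample instance profile (values invented for this example).
SAMPLE_PROFILE = """\
SAPSYSTEMNAME = DEV
snc/enable = 1
snc/identity/as = p:CN=DEV, O=Example, C=US
snc/data_protection/min = 1
snc/data_protection/max = 3
snc/accept_insecure_gui = 1
snc/accept_insecure_rfc = 1
"""

LEVELS = {"1": "authentication only", "2": "integrity protection", "3": "privacy (encryption)"}

def parse_profile(text):
    """Return {parameter: value} from 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)  # values such as SNC names contain '='
        params[name.strip()] = value.strip()
    return params

def audit(params):
    """Return (parameter, finding) pairs for settings that allow unprotected traffic."""
    if params.get("snc/enable") != "1":
        return [("snc/enable", "SNC is not enabled; GUI and RFC logons are not protected by SNC")]
    findings = []
    for key, channel in (("snc/accept_insecure_gui", "SAP GUI"),
                         ("snc/accept_insecure_rfc", "RFC")):
        value = params.get(key)
        if value == "1":
            findings.append((key, f"{channel} connections without SNC are accepted"))
        elif value == "U":
            findings.append((key, f"{channel} connections without SNC are accepted for users flagged to allow it"))
    # Assumption: only an explicitly configured minimum below 3 is reported.
    minimum = params.get("snc/data_protection/min")
    if minimum in ("1", "2"):
        findings.append(("snc/data_protection/min",
                         f"minimum level is {LEVELS[minimum]}, so traffic may go unencrypted"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_profile(SAMPLE_PROFILE)):
        print(f"{key}: {finding}")
```
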