on 09-13-2011 2:49 PM
http://help.sap.com/saphelp_nw73/helpdata/en/77/6fb4308dbe40d6b6ac5903e95c2521/frameset.htm
I am referring to the attached SSL configuration. I agree that it ensures integrity (no contents changed), but does it also ensure authenticity (i.e. message can be read only by relevant readers)?
That is, if some client accesses the https://server:1443/logon application, he receives an encrypted page where he puts his user name and password.
Then he clicks on submit.
Does this content get encrypted in any way?
Also, can the packets sent by the server be intercepted and decoded as the server's public key? How can we ensure authenticity (low budget project)?
Hi Jay,
AFAIK, in AS JAVA without encryption, the user/password and everything the user inputs into the system is passed via the network in plain text. And with encryption (https), the content is encrypted.
You can try to prove this using a network sniffer such as Wireshark.
Thanks
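The sniffer check suggested above can also be scripted. The following is an added example, not part of the original thread: it classifies a captured TCP payload as either a well-formed run of TLS records or plaintext that exposes logon data. The two sample payloads, the form field names `j_username`/`j_password`, the port and the password value are constructed for illustration.

```python
import hashlib
import struct

# TLS record-layer content types (RFC 5246 / RFC 8446).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a TLS 1.2 ciphertext record

def parse_tls_records(payload: bytes):
    """Return [(type, (major, minor), length), ...] if payload starts with
    well-formed TLS record headers, otherwise an empty list."""
    records, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if (ctype not in TLS_TYPES or major != 3 or minor > 4
                or length > MAX_RECORD_LEN):
            return []  # not a TLS record header: treat whole payload as non-TLS
        records.append((TLS_TYPES[ctype], (major, minor), length))
        if offset + 5 + length > len(payload):
            break      # record body continues in the next TCP segment
        offset += 5 + length
    return records

def classify(payload: bytes, needles):
    """Label a payload; 'needles' are byte strings that must never be visible
    on the wire (field names or test credentials used for the capture)."""
    if any(n in payload for n in needles):
        return "plaintext-credentials"
    if parse_tls_records(payload):
        return "tls"
    return "other"

# Constructed sample 1: logon form posted over plain HTTP.
PLAIN_POST = (b"POST /logon HTTP/1.1\r\nHost: server:1080\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
              b"j_username=jay&j_password=S3cret%21")

# Constructed sample 2: one TLS 1.2 application_data record; the body is a
# stand-in for ciphertext (32 opaque bytes).
BODY = hashlib.sha256(b"constructed ciphertext stand-in").digest()
TLS_SEGMENT = b"\x17\x03\x03" + struct.pack("!H", len(BODY)) + BODY

NEEDLES = [b"j_password=", b"S3cret"]

if __name__ == "__main__":
    for name, data in (("http", PLAIN_POST), ("https", TLS_SEGMENT)):
        print(name, classify(data, NEEDLES), parse_tls_records(data))
```

To use it on real traffic, feed it TCP payloads exported from a capture of a test logon made with a throwaway account, and put that account's password in `NEEDLES`.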
Hi Jay,
If you need to authenticate the server, then you may use a certificate for ABAP and JAVA.
Maybe the following link will be useful:
http://help.sap.com/saphelp_nw73/helpdata/en/49/231207ddeb1903e10000000a42189c/frameset.htm
When you use an SSL certificate, beside the URL in your browser there is a box with information on who runs the server and who it is certified by. This will prevent a man-in-the-middle attack, as long as the user does the checking.
Thanks