cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security aspects of PHP

Go to solution
Former Member

on ‎05-12-2005 7:52 AM

0 Kudos

What are the security aspects of using PHP with SAP; compared to either "in-house" technologies like BSP or Web Dynpro, or using a J2EE-based environment, based on Java? The biggest drawback of PHP seems to be in the security-related area. How does this open source technology mix with highly secured, sensitive-information SAP installations?

Trond

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-12-2005 8:13 AM
0 Kudos

PHP like Java will interface with (currently anyway who knows in the future) BAPI and FM interfaces with a SAP login therefore the R/3 or other SAP system security comes into play and not PHP itself.

You can also control security with PHP per application but from the SAP side it's the standard SAP security there.

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎05-12-2005 2:38 PM
0 Kudos

Trond:

Craig is correct, when you are working with SAP from PHP you will be interacting with it through the standard SAP security mechanisms. Thus, from that perspective security is comparable to other technologies. However, if you are talking about PHP specifically as with any programming language security is often left in the hands of the developer to consider. As long as due diligence is paid to security concerns when developing the application you'll be just fine.

Show replies
Show replies
Former Member
‎05-17-2005 2:55 PM
0 Kudos

Don't think of it as PHP security, Just think of it as security, and what you want to implement, and what you have available.

1) Use Active Drirectory and place people in groups which can perform cerain tasks. using the LDAP class in PHP you can enforce those groups.

2) Prompt users for security information which is sent to SAP. SAP will enforce what the user can or can't do. PHP will be the broker

3) Develop a local secuirty system within php, perhaps using something along the lines of http://phpgacl.sourceforge.net/

4) You could even setup a SecurID security system and implement it with your application.

Many choices are available, all with plus and minus aspects.

Ask a Question