07-03-2007 6:14 PM
Hi all.
Considering that I do not have SSL installed into SAP Portal and also do not have SSO implemented between Portal and SO.
Could someone let me know what is the process when an user type his user and password? I mean, is this informations send to authentication module of Portal by http? How secure are this informations for both intranet and internet?
tks.
Daniel Silva
07-03-2007 6:32 PM
Daniel,
Unless you are constructing a public portal, do not use http for anything over the internet. Usernames and passwords are transmitted in clear text. SSL is a MUST.
If you are internal only, then you could consider http if you were in a bind. We only have about 1,000 employees at 3 locations but, we have wireless connections so EVERYTHING is SSL.
07-04-2007 12:13 AM
David.
Tanks for all explanation about internal and external access.
tks,
Daniel Silva
07-04-2007 3:57 AM
Thank you for the points!
You just put me over the 1000 mark!
I am glad that I could be of help, that is what SDN is all about!
07-04-2007 8:55 AM
It's not only UID/PWD that are send as plaintext information when using http.
It's also all (access restricted) business content that is send unencrypted - which should motivate you to use SSL / https.
Regards, Wolfgang