Security
Use
Security - that is, ensuring secure data transfer - is a central aspect of the Content Server Interface. The following conventions apply:
-
It is assumed that all required authorization checks in the SAP system have been carried out.
-
To ensure that users cannot circumvent these authorization checks when accessing the Content Server, a public/private key procedure (see also Public Key Technology) is used.
-
Public and private keys are SAP-specific, not user-specific.
The security concept of the Content Server Interface is based around the fact that the SAP system public key is stored on the Content Server. putCert is the command used to put the key onto the server. The Content Server uses the public key to check URLs and signatures (see also putCert).