This topic discusses the security aspects related to data storage that you need to consider when implementing enterprise workspaces.
All data for the portal is stored in the database of the SAP NetWeaver Application Server (AS) Java.
The documents are stored in a content management repository of Knowledge Management (KM) under workspaces.
Authorizations for KM folders are managed in the access control lists (ACL) according to the workspace roles.
The Document List module allows users to upload various files, such as documents, images, executable and other files, and store them in KM repositories on the server. You can restrict the upload of files depending on their extension and size by applying content filters.
For more information, see the documentation for Knowledge Management System Administration.
RSS feeds that are configured for the RSS Reader (Deprecated) module, the Mobile Homepage RSS Reader (Deprecated) module, and the Mobile Homepage Media (Deprecated) module, are considered public content and may be stored in the AS Java ICM cache, which can be accessed without authentication.
KM has an option to perform a virus check of documents for which you have write or read access. To enable it, you have to configure the virus scan interface of the SAP NetWeaver Application Server.
For more information, see Virus Scanner Service in Knowledge Management System Administration on SAP Help Portal.
To enable virus scanning of the files that are uploaded to workspaces, you need to set the system properties of the antivirus service in the workspace configuration.
The stored data of modules, such as the Text Pad and Document List, is not encrypted, so theoretically developers who are familiar with the portal internals, can access this data in their applications. However, portal administrators should always ensure that applications running in an enterprise portal can be trusted not to make malicious use of the data.
The .epa files, in which the workspaces are packaged for transport, may include personal or sensitive information. To protect this information, we recommend the following security measures:
If you choose to store the export package in the file system, the .epa files are saved to a folder of your choice. Make sure that this folder is protected by appropriate permissions.
After the .epa file has been used and is not required anymore, make sure that it is permanently deleted from the file system and all other caches.
When transferring the file on a digital storage device such as disk on key or saving it as a backup, make sure that the file is protected, for example, archived in a password-protected ZIP file.
For SAP NetWeaver 7.0x, navigate to http://help.sap.com/nw70 and choose .
In SAP Library, choose
.For SAP NetWeaver 7.3x, navigate to http://help.sap.com/nw73 and choose .
In SAP Library, choose
.