User Authentication on Front-End Client

In ABAP Development Tools, you always work with ABAP projects to access development objects from back-end systems. An ABAP project represents a real system connection and therefore requires an authorized user to access the corresponding system. Every time you work with an ABAP project, you must first log on to the front-end client. Then, using a logon method for the SAP system, you connect to the back-end system via the ABAP project. With the logon method known as standard authentication, the user enters his or her user ID and password on the front-end client in order to log on to the ABAP back-end system.

Risks

Standard authentication with explicit specification of user ID and password means that user data entered at the front-end client is loaded into the main memory of the local host as clear text.

A password that is buffered locally, however, represents a potential security gap because a third party could extract it from memory in some way.

Protection Measures

In addition to Secure Network Communication (SNC), ABAP Development Tools support the Single Sign-On (SSO) mechanism provided by SAP NetWeaver. Using SSO, the user does not need to enter a user ID and password for authentication but can access the system directly after the system has checked the logon ticket. Therefore, besides SNC (recommended to be enabled for security reasons), we recommend using the SSO mechanism for authentication when working with ABAP projects on the front-end client.

Note

ABAP Development Tools support the recommended measures: every time you create a new ABAP project for a system connection for which SNC is not enabled, the creation wizard displays a corresponding warning message.

Figure 1: Warning when creating an ABAP project with no SNC system connection

Recommendation

You can use assertion tickets for communication destinations between various other systems to authenticate frequent tasks or functions. Assertion tickets provide the highest level of security when creating an RFC or HTTP connection and are the easiest option to use when working with an ABAP system. We therefore recommend that you use assertion tickets to allow ABAP developers to log on to an ABAP system.

To use assertion tickets, your ABAP system administrator needs to configure the profile parameters of the relevant ABAP systems.