Security mechanisms prevent unauthorized and unauthenticated individuals from accessing and reading data.
In SAP Gateway Foundation, these mechanisms are designed so that both SAP Gateway Foundation users and SAP Gateway Foundation components perform only the actions that they are allowed to perform. This results in the protection of sensitive data and confidential business information, and prevents data from being compromised.
The SAP Gateway Foundation Security Guide provides information about security aspects, including the following:
For information about security enhancements for OData version 4 (V4), see Security Enhancements for OData V4.
This document is not included as part of the installation and configuration guide. Such guides are only relevant for a certain phase of the software lifecycle, whereas the security guide provides information that is relevant for all lifecycle phases.
Security Aspects for Additional Components
If you use one or more of the additional SAP NetWeaver components, the following security aspects need to be taken into account:
The information contained in this guide is relevant for:
Technology consultants
System administrators
SAP Gateway Foundation uses open protocols in its communication channels, such as HTTPS.
Generally, you must secure your communication channels. To make it difficult for unauthorized persons to obtain sensitive data passing through the channel between an SAP system and SAP Gateway Foundation, you can secure the communication channels with, for example, the following:
Secure Sockets Layer (SSL)
Designated network segments for communication pathways
Security schemes that defend against denial-of-service attacks
In addition, consider the security implications when you enable the query result ID cache feature in the applications you develop in SAP Gateway Foundation.
Auditing
Since SAP Gateway Foundation is part of the SAP NetWeaver offering, it uses the standard SAP NetWeaver mechanisms for security-related incidents. Consequently, there are no logs specifically available for security incidents and configuration changes for SAP Gateway Foundation.