SAP Gateway Foundation Security Guide

Use

Security mechanisms prevent unauthorized and unauthenticated individuals from accessing and reading data.

In SAP Gateway Foundation, these mechanisms are designed so that both SAP Gateway Foundation users and SAP Gateway Foundation components perform only the actions that they are allowed to perform. This results in the protection of sensitive data and confidential business information, and prevents data from being compromised.

The SAP Gateway Foundation Security Guide provides information about security aspects, including the following:

For information about support of HTTP Strict Transport Security (HSTS), see 2202116 on the SAP site. See also 2042819 on the SAP site.

For information about security enhancements for OData version 4 (V4), see Security Enhancements for OData V4.

This document is not included as part of the installation and configuration guide. Such guides are only relevant for a certain phase of the software lifecycle, whereas the security guide provides information that is relevant for all lifecycle phases.

Security Aspects for Additional Components

If you use one or more of the additional SAP NetWeaver components, the following security aspects need to be taken into account:

Target Audience

The information contained in this guide is relevant for:

  • Technology consultants

  • System administrators

General Security Considerations

SAP Gateway Foundation uses open protocols in its communication channels, such as HTTPS.

Generally, you must secure your communication channels. To make it difficult for unauthorized persons to obtain sensitive data passing through the channel between an SAP system and SAP Gateway Foundation, you can secure the communication channels with, for example, the following:

  • Secure Sockets Layer (SSL)

  • Designated network segments for communication pathways

  • Security schemes that defend against denial-of-service attacks

In addition, consider the security implications when you enable the query result ID cache feature in the applications you develop in SAP Gateway Foundation.

Auditing

Since SAP Gateway Foundation is part of the SAP NetWeaver offering, it uses the standard SAP NetWeaver mechanisms for security-related incidents. Consequently, there are no logs specifically available for security incidents and configuration changes for SAP Gateway Foundation.