
User Authentication on Front-End Client

In ABAP Development Tools, you always work with ABAP projects to access development objects from back-end systems. An ABAP project represents a real system connection and therefore it requires an authorized user to access the corresponding system. Every time you work with an ABAP project, you must first log on to the front-end client. With the logon method, also known as standard authentication, the user enters his or her user ID and password on the front-end client in order to log on to the ABAP back-end system.

Risks

Standard authentication with explicit specification of user ID and password means that user data entered at the front-end client is loaded into the main memory of the local host as clear text.

A password that is buffered locally, however, represents a potential security gap because it could be extracted in some way from the memory by a third party.

Protection Measures

In addition to Secure Network Communication (SNC), the ABAP Development Tools support the Single Sign-On (SSO) mechanism provided by SAP NetWeaver. With SSO, the user does not need to enter a user ID and password for authentication but can access the system directly after the system has checked the logon ticket. We therefore recommend using the SSO mechanism for authentication when working with ABAP projects on the front-end client, in addition to enabling SNC, which is recommended for security reasons.

Note: The ABAP Development Tools support the recommended measures: every time you create a new ABAP project for a system connection for which SNC is not enabled, the creation wizard displays a corresponding warning message.
Figure 1: Warning when creating an ABAP project with no SNC system connection