SAP NetWeaver Application Server Security GuideSAP NetWeaver Application Server ABAP Security GuideUser AuthenticationAuthentication and Single Sign-OnLogon and Password Security in the SAP SystemPassword RulesSecurity Measures Related to Password RulesPassword Storage and TransportProfile Parameters for Logon and Password (Login Parameters)Secure Network Communications (SNC)Client CertificatesLogon TicketsUser TypesProtecting Standard UsersDefining a New Superuser and Deactivating SAP*Preventing Unauthorized LogonsRecognizing and Preventing Multiple Dialog User LogonsSecurity Measures When Using SAP ShortcutsAdditional Information on User AuthenticationSAP Authorization ConceptOverviewOrganizing Authorization AdministrationOrganization if You Are Using the Profile GeneratorSetting Up AdministratorsSetting Up Role MaintenanceAuthorization Objects Checked in Role MaintenanceOrganization without the Profile GeneratorCreating and Maintaining Authorizations/Profiles ManuallyAuthorization ChecksReducing the Scope of Authorization ChecksSearching for Deactivated Authority ChecksGlobally Deactivating Authorization ChecksProtective Measures for Special ProfilesAuthorization Profile SAP_ALLAuthorization Profile SAP_NEWUser Information SystemCentral User AdministrationSecurity Aspects of the CUAAdditional Information About the SAP Authorization ConceptNetwork Security for SAP Web AS ABAPSAP Web AS ABAP PortsProtecting Your Productive System (Change & Transport System)The SAP System LandscapeThe Three-Tier System LandscapeThe Common Transport DirectoryUsing the TMS Quality Assurance Approval ProcedureConfiguring the System Landscape for ChangesRelease 3.1As of Release 4.0Defining the Transport ProcessTransport RoutesThe Transport ProcessResponsibilities and Their Corresponding AuthorizationsRoles and ResponsibilitiesAuthorizationsSecurity for the RFC ConnectionsDefaultTMS Trusted ServicesSecure Network CommunicationsProtecting Security-Critical ObjectsProtecting the System Profile Parameter FilesProtecting the Table for Maintaining System Clients (Table T000)Protecting Other Security-Critical ObjectsEmergency Changes in the Productive SystemAdditional Information on the Change and Transport SystemSecurity Aspects When Using Business ObjectsSAP Business Partner SecuritySAP Product SecuritySecure Store & Forward Mechanisms (SSF) and Digital SignaturesGeneral InformationProtecting KeysProtecting the Application Server’s KeysAdditional Information on SSF and Digital SignaturesSpecial TopicsLogical Operating System CommandsRestrict Authorizations for Maintaining External CommandsRestrict Authorizations for Executing External CommandsAdditional Information on Logical Operating System CommandsBatch InputAn Overview of the Batch Input ProcessProtecting the Batch Input SessionsProtecting Disclosure of the SAPconnect RFC UserPreventing or Logging List DownloadsInternet Graphics Service SecuritySAP NetWeaver Application Server Java Security GuideBefore You StartTechnical System LandscapeUser Administration and AuthenticationUser Administration and Standard UsersUser Administration ToolsUser TypesStandard UsersStandard User GroupsUser Data SynchronizationAuthentication Mechanisms and Single Sign-On IntegrationDeclarative and Programmatic AuthenticationLogin Modules and Login Module StacksLogin ModulesLogin Module StacksAuthentication SchemesIntegration in Single Sign-On EnvironmentsAuthorizationsStandard RolesPermissions, Actions, and UME RolesStandard UME ActionsNetwork SecurityTransport Layer SecurityCommunication Channel SecurityUsing an Intermediary Server to Connect to the J2EE EngineCommunication Security for the Web ContainerCommunication Security for the EJB ContainerCommunication Security for Web ServicesCommunication Security for Persistency StoresCommunication Security for Software DeploymentJ2EE Engine PortsData Storage SecurityDispensable Functions with Impacts on SecurityOther Security Relevant InformationSecurity on JMS ServiceJava Virtual Machine SecuritySecurity Aspects for the Database ConnectionWorking with the SDMDestination ServiceTracing and LoggingUME Logging and MonitoringSecurity Aspects When Using HTTP and Web Container TracingMasking Security-sensitive Data in the HTTP Access LogInternet Transaction Server SecurityDefining SAP Transactions as Internet ApplicationsThe Architecture of the Internet Transaction Server (ITS)A Secure Network Infrastructure for the ITSProtecting the Server and Network ComponentsProtecting the Web ServerProtecting the AGate ServerProtecting the SAP System Application ServersTCP Ports Used by the ITSUsing the SAProuterUsing Other Firewall ComponentsAn Example Network SetupAn Example Network Setup (with Client LAN)Using Additional Security Mechanisms / Providing PrivacyAuthenticating UsersAuthenticating Internet Users (Service Users)Authenticating Named Users With User ID and PasswordAuthenticating Named Users Using X.509 Client CertificatesSecurity Measures When Using Client CertificatesProtecting Session IntegritySetting Security LevelsSecurity-Relevant Settings for IACsSAP Web AS with Integrated ITSAdditional Information on SAP Internet Applications and the ITSVirus Protection and SAP GUI Integrity Checks