Security mechanisms prevent unauthorized and unauthenticated individuals from accessing and reading data.
In SAP Gateway, these mechanisms are designed so that both SAP Gateway users and SAP Gateway components perform only the actions that they are allowed to perform. This results in the protection of sensitive data and confidential business information, and prevents data from being compromised.
The SAP Gateway Security Guide provides information about security aspects, including the following:
This document is not included as part of the installation and configuration guide. Such guides are only relevant for a certain phase of the software lifecycle, whereas the security guide provides information that is relevant for all lifecycle phases.
Security Aspects for Additional Applications
If you use one or more of the additional SAP NetWeaver components, the following security aspects need to be taken into account:
The information contained in this guide is relevant for:
SAP Gateway uses open protocols in its communication channels, such as HTTPS.
Generally, you must secure your communication channels. To make it difficult for unauthorized persons to obtain sensitive data passing through the channel between an SAP system and SAP Gateway, you can secure the communication channels with, for example, the following:
Secure Sockets Layer (SSL)
Designated network segments for communication pathways
Security schemes that defend against denial-of-service attacks
In addition, consider the security implications when you enable the query result ID cache feature in the applications you develop in SAP Gateway. For more information, see Query Results Caching.
Since SAP Gateway is a part of the SAP NetWeaver offering, it uses the standard SAP NetWeaver mechanisms for security-related incidents. Consequently, there are no logs specifically available for security incidents and configuration changes for SAP Gateway.