The following topics provide an overview of additional security-related information for AS Java.
In this topic, we discuss the security aspects of the Java Message Service of AS Java. This service is used for exchanging messages between two or more Java clients. The security issues discussed include authorization, authentication checking, policy configurations, and communication protocols and ports.
AS Java runs in a Java Virtual Machine in your operating system. This topic provides an overview of the related security information.
You can configure the user management engine (UME) to send email notifications through the Simple Mail Transfer Protocol (SMTP). However, the UME does not support Simple Mail Transfer Protocol Secure (SMTPS), so securing the connection requires additional setup.
To secure the SMTP connection, you have to use an encrypted channel. We recommend establishing a virtual private network to secure the connection.
AS Java uses the user persistence data stores provided for security and integrity of the data in cases of system upgrade or server failure. This topic provides an overview of the security mechanisms used for the integrity and confidentiality of the configuration and source code data stored in the user persistence stores.
Provides an overview of the security mechanisms in the Destinations service of AS Java. The Destination service is used by applications or services to specify the remote service's address and the user authentication information to use for connecting to other services.
AS Java applications can use system cookies to track user data (such as session tracking and logon data). These cookies contain sensitive information about the user. To prevent potential misuse of session information, the cookies should therefore not be exposed to client-side scripts. To increase the protection of system cookies, you can enable the additional system cookie attribute HttpOnly.
Applications that use the JavaMail Client Service can create secure connections with mail servers instead of plain connections. The security of connections can include the following aspects:
Lists preferred settings for improved protection against login cross-site request forgery.
To prevent malicious applications from misusing SAP Web applications for clickjacking attacks, it is necessary to protect the Web applications accordingly, especially if they contain sensitive functions.
If you want to protect certain applications against clickjacking attacks, you can configure them in the clickjacking whitelist.