Show TOC

Other Security-Related InformationLocate this document in the navigation structure

The following topics provide an overview of additional security-related information for AS Java.

  • Security on the JMS Service

    In this topic, we discuss the security aspects of the Java Message Service of AS Java. This service is used for exchanging messages between two or more Java clients. The security issues discussed include authorization, authentication checking, policy configurations, and communication protocols and ports.

  • Java Virtual Machine Security

    AS Java runs in a Java Virtual Machine in your operating system. This topic provides an overview of the related security information.

  • Securing UME Mail Notifications

    You can configure the user management engine (UME) to send email notifications through a Simple Mail Transfer Protocol (SMTP). However, the UME does not support Simple Mail Transfer Protocol Secure (SMTPS), which requires additional setup.


    To secure the SMTP connection, you have to use an encrypted channel. We recommend establishing a virtual private network to secure the connection.

  • Security Aspects of the Database Connection

    AS Java uses the user persistence data stores provided for security and integrity of the data in cases of system upgrade or server failure. This topic provides an overview of the security mechanisms used for the integrity and confidentiality of the configuration and source code data stored in the user persistence stores.

  • Destination Service

    Provides an overview of the security mechanisms in the Destinations service of AS Java. The Destination service is used by applications or services to specify the remote service's address and the user authentication information to use for connecting to other services.

  • Protecting Sessions Security 

    AS Java applications can use system cookies to track user data (such as sessions tracking and logon data). These cookies contain sensitive information about the user. To prevent potential misuse of session information, the cookies therefore should not be exposed to client-side scripts. To increase the security protection of system cookies, you can enable the use of the additional system cookie attribute HttpOnly.

  • Creating Secure Connections Using JavaMail

    Applications that use the JavaMail Client Service can create secure connections with mail servers instead of plain connections. The security of connections can include the following aspects:

    • (Mandatory) Certificate-based authentication of the parties
    • (Optional) Signature and encryption of mail content
  • Improved Protection Versus Login-XSRF 

    Lists preferred settings for improved protection against login cross-site request forgery.

  • Enabling the Clickjacking Protection Service

    To prevent malicious applications from misusing SAP Web applications for clickjacking attacks, it is necessary to protect the Web applications accordingly, especially if they contain sensitive functions.

  • Configuring the Clickjacking Framing Protection Whitelist

    If you want to protect certain applications against clickjacking attacks, you can configure them in the clickjacking whitelist.