Security Aspects for Database Connections

When connecting to databases, the AS Java as well as the applications deployed on it authenticate themselves by means of a user name and a password. They are specified only once, when the DataSource that is used to provide the database connection is created. The DataSource is initialized with the supplied credentials and uses them for the authentication of all physical connections that it provides.

You may use one of the following options for database connectivity:

• Using the default DataSource, you can connect to the system database in which the AS Java stores its information
• You can register a new DataSource to connect to another database that your application uses

Using the Default DataSource

The default DataSource is created at installation and is used by all AS Java services that need to connect to the system database. The applications that you later deploy on the server may also use this DataSource.

More information: Running JPA Applications on the System Data Source

The default DataSource uses the standard database schema user SAP < SID >DB , where < SID > is the system identifier - for example, J2E . The password for this user is defined at installation.

The user name and password for the default DataSource, are stored encrypted in a secure storage. The parameters for this secure storage are the following properties of the Configuration Manager:

• secstorefs.keyfile
• secstorefs.lib
• secstorefs.secfile
  Caution

  You cannot establish a database connection and respectively run the AS Java without using a secure storage. It is highly recommended that you do not change the default properties.

To change the password of the default user, you must:

• Change the user password in the database.

  For more information on how to do that, refer to the SAP NetWeaver Security Guide.

• Maintain the relevant entry in the secure storage:
  1. Start the Config Tool. (Execute the configtool script file in <ASJava_install_dir>\configtool.)
  2. Select secure store. The configuration for the secure storage in the file system appears.
  3. Select the jdbc/pool/<SID>/Password entry.
  4. Enter the database user's new password in the Value field and choose Add.
  5. Choose File → Apply to save the data. The new password is used to connect the AS Java to the database the next time it is restarted.

Connecting with a User-Defined DataSource

If you need to connect to another database, you have to register a new DataSource using the JDBC Connector Service.

More information:

Managing JDBC DataSources

Deploying Data Sources

To create the DataSource, you must supply a valid user name and password for the database schema. The AS Java stores this data encrypted.

Managing Secure Storage in the File System