Other Security Relevant Information
The following topics provide an overview of additional security-related information for the AS Java.
● Differences Between Development Mode and Productive Mode
In this topic, we mention configuration settings that are different between development mode and productive mode. Therefore, if you switch from development to productive mode, you should adjust these settings accordingly.
In this topic we discuss the security aspects of the Java Message Service of the AS Java. This service is used for exchanging messages between two or more Java clients. The security issues for this service that are discussed include authorization, authentication checking, policy configurations and communication protocols and ports.
● Java Virtual Machine Security
The AS Java runs in a Java Virtual Machine within your operating system. This topic gives an overview of the related security information.
● Security Aspects of the Database Connection
The AS Java uses user persistence data stores to provide for the security and integrity of data in cases of system upgrade or server failure. This topic gives an overview of the security mechanisms used for the integrity and confidentiality of the configuration and source code data stored in the user persistence stores.
Provides an overview of the security mechanisms in the Destinations service of AS Java. The Destinations service is used by applications or services to specify the remote service's address and the user authentication information to use for connecting to other services.
● Protecting Sessions Security
AS Java applications can use system cookies to track user data (such as session tracking and logon data). These cookies contain sensitive information about the user. To prevent potential misuse of session information, the cookies should not be exposed to client-side scripts. To increase the protection of system cookies, you can enable the additional system cookie attribute HttpOnly.
● Improved Protection Versus Login-XSRF
Lists preferred settings for improved protection against login cross-site request forgery.