Security Issues
In this section you can find general information on security-critical issues when working with the NW SAP RFC SDK.
● RFC client receiving call-backs from an SAP system
If you want to enable an external RFC client to receive call-backs from an SAP system, you have to implement the corresponding RFC server functionality in addition to the client functions of the external program. This means that the server-related security issues may affect your external RFC client as well.
● Logon Check for registered RFC servers
If an RFC server is registered on an RFC gateway, it is generally possible to send calls from other SAP systems (not relevant to this gateway) or from external RFC clients to this server. If, for security reasons, the server should only be able to be called by specified systems or users, the server must implement its own logon data check and reject unwanted initiators.

For detailed information on executing this logon check see SAP note 1058327.
● Using the sapnwrfc.ini file
You can generally use the sapnwrfc.ini file as a repository for connection parameters that the corresponding functions can reference, which reduces programming effort. Because the information in this file is stored on the server's hard disk, it may be subject to external attacks. It is therefore strongly recommended not to store security-related data in this file. Security-critical parameters are mainly User and Password, but message server names, the program ID, and gateway information may also be affected.
● Configuring registered RFC servers via transaction SM59
If you specify an external RFC server as an RFC destination via transaction SM59, you need to enter the corresponding program ID of the RFC server. This program ID can – if known – generally be used by other external servers (not related to the SAP gateway) to establish a connection to an SAP system. Therefore, it is generally recommended to:
○ Implement a dynamic (changeable) token for this program ID in the external RFC server.
○ Choose a value for this program ID that exhausts the provided number of digits in order to make it as secure as possible.
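For the sapnwrfc.ini recommendation above, the following added example (not part of the SDK or of the original page) scans the file content and reports which of the parameters named there are stored in it, without ever echoing their values. The function name audit_ini, the sample content, and the assumption that "#" starts a comment line are illustrative; USER, PASSWD, MSHOST, PROGRAM_ID, GWHOST and GWSERV are taken to be the ini keys for the items the page lists.

```python
import sys

# Parameter names are the sapnwrfc.ini keys for the items the page lists.
CRITICAL = {"USER", "PASSWD"}
SENSITIVE = {"MSHOST", "PROGRAM_ID", "GWHOST", "GWSERV"}

# Constructed sample; hosts, names and the password are placeholders.
SAMPLE_INI = """\
# constructed sample
DEST=BILLING
ASHOST=app01.example.invalid
SYSNR=00
CLIENT=100
USER=RFC_BATCH
PASSWD=not-a-real-secret

DEST=LISTENER
program_id = EXT_SRV_01
GWHOST=gw01.example.invalid
GWSERV=sapgw00
"""

def audit_ini(text):
    """Return (line_no, destination, key, severity) tuples; values are never returned."""
    findings, dest = [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: '#' starts a comment line.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().upper(), value.strip()
        if key == "DEST":
            dest = value          # a DEST line opens a new destination block
        elif value and key in CRITICAL:
            findings.append((line_no, dest, key, "critical"))
        elif value and key in SENSITIVE:
            findings.append((line_no, dest, key, "sensitive"))
    return findings

if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_INI
    results = audit_ini(text)
    for line_no, dest, key, severity in results:
        print(f"line {line_no}: [{severity}] {key} set for destination {dest}")
    sys.exit(1 if any(sev == "critical" for *_, sev in results) else 0)
```

The script exits non-zero when a User or Password entry is present, so it can gate a deployment step that ships the ini file.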
You can find general information on RFC security issues here:
● Security Settings in the SAP Gateway