Network and Communication Security

Use

Your network infrastructure is extremely important in protecting your system. Your network needs to support the communication necessary for your business needs without allowing unauthorized access. A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system and application level) or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the backend system's database or files. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and security holes in network services on the server machines.

The network topology for the user interface add-on for SAP NetWeaver is based on the topology used by the SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to the user interface add-on for SAP NetWeaver. Details that specifically apply to the user interface add-on for SAP NetWeaver are described in the following sections.

Internet Scenarios

In Internet scenarios, it is important to validate incoming requests before routing them to a server where data will be processed.

The JavaScript API that uses the start-up service sends requests directly to a back-end system without using a proxy where incoming requests could be validated. For this reason, SAP does not support the start-up service for Internet scenarios.

Protecting Access to Page Administration

Administrators should be able to access the page builder and the page administration user interface (UI) on the same host and port. In order to personalize pages, end users also need access to the page builder, but they should not be allowed to access the page administration UI.

In order to protect the page administration UI from access by end users, you have to execute the page builder either on two different hosts or on two different ports.