This guide is to provide you with an overview of the security aspects and recommendations when using the SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP for your applications.
There is also a SAP NetWeaver Application Server Java Security Guide.
This guide does not describe the administration or development functions for security on the SAP NetWeaver AS ABAP. Such information is provided in the corresponding documentation. It only provides the additional information that applies to specific application types.
This guide is divided into the following sections:
This section describes security aspects involved with user authentication, for example, logon security, password rules and preventing unauthorized logons. In addition, it describes how to protect the standard users SAP*, DDIC, and EARLYWATCH.
This section provides a brief overview of the SAP authorization concept and how you can use it to protect your applications from misuse.
This section provides an overview of the protocols used by the SAP NetWeaver AS ABAP and the mechanisms to use to provide security for connections at the network transport layer.
This section describes how to prevent undesirable changes from being made in your productive system by using the Change and Transport System (CTS) and the Transport Management System (TMS).
This section describes the security aspects involved when using public-key technology for digital signature and encryption functions.
Security aspects that apply to additional topics are also included. Such topics are:
Ў Executing logical operating system commands in SAP systems
Ў Batch input
Ў Preventing disclosure of the SAPconnect RFC user
Ў Internet Graphics Service security
In addition, see the topic Security Aspects for BSP and Security Aspects for Web Dynpro for ABAP in the Security Aspects for Usage Type DI and Other Development Technologies section of the SAP NetWeaver Security Guide: