To protect access to the SAPUSER table and the SAP database user SAP<SAPSID> or SAPR3, note the following:
· Change the passwords for SAP<SAPSID> or SAPR3 and for <sapsid>adm regularly.
· Only define OPS$ users for the Windows users that are necessary for operating the SAP system. These are typically the users SAPService<SAPSID> and <sapsid>adm; however, you may assign them other names. (In this guide, we refer to SAPService<SAPSID> and <sapsid>adm.) For more information about creating OPS$ users under Windows, see SAP Note 50088.
· With the Oracle network protocol SQL*Net, you can also use the file sqlnet.ora to restrict access to the database using IP addresses. In this file, you specify invited and excluded IP addresses:
tcp.validnode_checking = yes
tcp.invited_nodes = (220.127.116.11, ...)
tcp.excluded_nodes = (18.104.22.168, ...)
In this way, you can make sure that only specific hosts (for example, only the application server host) can access the database.
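The following added example (not SAP or Oracle code) audits a sqlnet.ora file against the list of hosts that are meant to reach the database, and goes slightly beyond the text by also reporting that tcp.excluded_nodes has no effect when tcp.invited_nodes is present, since the invited list takes precedence. The function names, the sample file, and its addresses and host name are assumptions made for illustration.

```python
# Constructed sample sqlnet.ora; addresses and host name are placeholders.
SAMPLE = """\
# sqlnet.ora on the database host
TCP.VALIDNODE_CHECKING = yes
tcp.invited_nodes = (192.0.2.10,
                     appsrv01)
tcp.excluded_nodes = (198.51.100.7)
"""

def parse_sqlnet(text):
    """Return {lowercased parameter: value}; indented lines continue a value."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line[0].isspace() and current:         # continuation of previous value
            params[current] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            current = name.strip().lower()
            params[current] = value.strip()
    return params

def node_list(value):
    """Split '(a, b)' into ['a', 'b']."""
    return [n.strip().lower() for n in value.strip("() \t").split(",") if n.strip()]

def audit(text, expected_hosts):
    """Compare the valid-node settings with the hosts that should reach the database."""
    p = parse_sqlnet(text)
    invited = set(node_list(p.get("tcp.invited_nodes", "")))
    excluded = node_list(p.get("tcp.excluded_nodes", ""))
    expected = {h.lower() for h in expected_hosts}
    findings = []
    if p.get("tcp.validnode_checking", "no").lower() != "yes":
        findings.append("validnode_checking is off: node lists are not enforced")
    if not invited:
        findings.append("no invited_nodes: access is not limited to named hosts")
    if invited and excluded:
        findings.append("excluded_nodes is ignored: invited_nodes takes precedence")
    for host in sorted(invited - expected):
        findings.append(f"unexpected invited host: {host}")
    for host in sorted(expected - invited):
        findings.append(f"expected host not invited: {host}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["192.0.2.10", "appsrv01"]):
        print(finding)
```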