The portal offers the same authentication mechanisms as the J2EE Engine. For an overview of the available mechanisms and how to configure them, see Authentication on the J2EE Engine and Configuring Authentication Mechanisms.
This authentication mechanism is based on the Basic Authentication feature of the HTTP protocol. When you configure the portal to use HTTP Basic Authentication as the authentication mechanism, authentication data is transported in clear text: it is only Base64-encoded, which is an encoding and not encryption. This means that passwords can easily be read by an attacker with physical access to the network path between the client and the Portal Server. The attacker can then impersonate portal users. This is not a weakness of the NetWeaver Portal itself, but a weakness of the standardized HTTP Basic Authentication mechanism.
For this reason, we strongly recommend using Secure Sockets Layer (SSL) between the client and Portal Server, since this will encrypt all information exchanged between client and server including the authentication credentials.
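The following audit sketch is an added example, not SAP code: it parses `Authorization` headers in the Basic format (RFC 7617) and reports every request whose credentials crossed plain HTTP, which shows that the Base64 step hides nothing. The host name, path, user IDs and passwords are constructed sample values, and the function names are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlsplit


def parse_basic(header_value):
    """Return (user_id, password) from an Authorization header value,
    or None if it is not a well-formed Basic credential (RFC 7617)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password itself may contain ':'.
    user_id, sep, password = decoded.partition(":")
    return (user_id, password) if sep else None


def exposed_basic_logins(requests):
    """Return (url, user_id) for each request that carried Basic
    credentials over a non-HTTPS URL."""
    findings = []
    for url, headers in requests:
        # Header names are case-insensitive.
        auth = next((v for k, v in headers.items()
                     if k.lower() == "authorization"), None)
        creds = parse_basic(auth) if auth else None
        if creds and urlsplit(url).scheme.lower() != "https":
            findings.append((url, creds[0]))
    return findings


def _basic(user_id, password):
    """Build a Basic header value the way a browser does (sample data only)."""
    raw = f"{user_id}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


# Constructed sample requests: (URL, request headers).
SAMPLE_REQUESTS = [
    ("http://portal.example.com/portal", {"Authorization": _basic("jdoe", "s3cr:et")}),
    ("https://portal.example.com/portal", {"authorization": _basic("asmith", "pw")}),
    ("http://portal.example.com/portal", {"Authorization": "Bearer abc.def"}),
    ("http://portal.example.com/portal", {"Authorization": "Basic !!!notbase64"}),
]

if __name__ == "__main__":
    for url, user_id in exposed_basic_logins(SAMPLE_REQUESTS):
        print(f"Basic credentials for {user_id!r} sent without SSL to {url}")
```

Only the first sample request is reported: the second uses HTTPS, the third is not Basic, and the fourth is not valid Base64.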