During the course of product evaluations for a customer, the Technology Evaluation Center has uncovered a potential security hole in SAP R/3's three-tier architecture. SAP has revealed that they expect the database or third party products to handle security between the application server and the database server. If the client does not take these extra measures, the master password for the SAP database instance travels over the network in the clear, and can be captured. PeopleSoft has the same issue.
freeware receipt for work done