During the course of product evaluations for a customer, the Technology Evaluation Center has uncovered a potential security hole in SAP R/3's three-tier architecture. SAP has revealed that they expect the database or third party products to handle security between the application server and the database server. If the client does not take these extra measures, the master password for the SAP database instance travels over the network in the clear, and can be captured. PeopleSoft has the same issue.
network security softwares
states that their Secure Network Communications Interface (BC-SNC) has the following certified interfaces: CyberSafe (TrustBroker Security Solution for R/3), Entrust/PKI, Platinum Technology (Computer Associates) Single Sign On, Seclude Sicherheitstechnologie Informationssysteme Seclude for R/3, and Security Dynamics Technology Keon Agent for R/3. They state SAP has decided not to include cryptographic modules in its own software. Instead, external products can be integrated. Market Impact TEC feels