During the course of product evaluations for a customer, the Technology Evaluation Center has uncovered a potential security hole in SAP R/3's three-tier architecture. SAP has revealed that they expect the database or third party products to handle security between the application server and the database server. If the client does not take these extra measures, the master password for the SAP database instance travels over the network in the clear, and can be captured. PeopleSoft has the same issue.
open request for proposal florida
database as well as open interfaces to external security products. Typically, database specific features - from e.g. Oracle, MS SQL, etc. - are used to protect initial logon. In case the data transfer needs to be secure also either database specific or database independent security mechanisms can be used. However, note that SAP advises to use a separate, internal subnet in the networking environment. Thus, if it is physically impossible to sniff, the security mechanisms are not mandatory. Note, that