https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970250#M1491159 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>yes, you have two options. First one is to use SNC to secure communication between two SAP gates. Second one is to create a secure channel using SAP router. Here is a scheme rom SAP documentation gateway1 u2013 SAProuter1 u2013 SAProuter2 u2013 gateway2. Again, SAP router will use SNC to secure communication.</P><P></P><P>Cheers</P></BODY></HTML> Sat, 29 May 2010 08:55:32 GMT mvoros 2010-05-29T08:55:32Z https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970246#M1491155 <HTML><HEAD></HEAD><BODY><P>When a user logs on to the system through the GUI, is the password going clear text or is it encrypted? What about the Portal?</P><P></P><P>Also, if there is an interface between two SAP systems, do the IDocs go through using an encrypted protocol (internal network) or is that something you have to implement? Should we be encrypting the transmission? Does SAP provide the functionality or is it something extra?</P><P></P><P>Thanks,</P></BODY></HTML> Thu, 27 May 2010 21:51:14 GMT https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970246#M1491155 Former Member 2010-05-27T21:51:14Z https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970247#M1491156 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>With SAP GUI the password is normally entered in login screen and passed to SAP server in compress format, so it is not very secure. This is why SNC is becoming very common. When you use SNC to authenticate during logon with SAP GUI, there is no password transmission, not even encrypted passwrod. If you are concerned about security, I suggest you look at using SNC for authentication with SAP GUI.</P><P></P><P>Thanks,</P><P>Tim</P></BODY></HTML> Thu, 27 May 2010 22:12:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970247#M1491156 tim_alsop 2010-05-27T22:12:56Z https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970248#M1491157 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>as it was mentioned by default the password is sent as plain text when you use SAP GUI. Actually, it's obfuscated but by fixed transformation so there is no difference. The portal security depends on what protocol you use to access it. HTTPS is way to go if you don't want passwords in plain text form. IDocs are usually transferred using RFC call ans there is a similar situation as in GUI. By default the password goes as plain text unless you use SNC.</P><P></P><P>I would suggest you starting with security guides for your SAP products. You can find them on [service.sap.com/securityguides|http://service.sap.com/securityguide] and they contain answers for all your questions.</P><P></P><P>Cheers</P></BODY></HTML> Thu, 27 May 2010 23:50:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970248#M1491157 mvoros 2010-05-27T23:50:24Z https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970249#M1491158 <HTML><HEAD></HEAD><BODY><P>Thank you all. What about interfaces? Is it the same concept?</P><P></P><P>I just read something online that confused me saying that if the saprouter is used, SNC is not needed. Don't get it? </P><P><A href="http://help.sap.com/saphelp_nw04/Helpdata/EN/21/c6a73860bf5f2ce10000009b38f8cf/frameset.htm" target="test_blank">http://help.sap.com/saphelp_nw04/Helpdata/EN/21/c6a73860bf5f2ce10000009b38f8cf/frameset.htm</A></P><P></P><P>Thanks,</P></BODY></HTML> Fri, 28 May 2010 11:32:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970249#M1491158 Former Member 2010-05-28T11:32:16Z https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970250#M1491159 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>yes, you have two options. First one is to use SNC to secure communication between two SAP gates. Second one is to create a secure channel using SAP router. Here is a scheme rom SAP documentation gateway1 u2013 SAProuter1 u2013 SAProuter2 u2013 gateway2. Again, SAP router will use SNC to secure communication.</P><P></P><P>Cheers</P></BODY></HTML> Sat, 29 May 2010 08:55:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/interface-transmission-encryption-password-encryption/m-p/6970250#M1491159 mvoros 2010-05-29T08:55:32Z