11-08-2008 10:38 PM
Hi Experts,
I have a requirement which says when accessing a J2EE engine it should be accessed on http and when a user log in the password and session should be on https, we are currently on NW04s SP16, Enterprise Portal.
For Example:http://****.local should take a user right to the login page. Then the password should be passed over ssl.
Thanks
11-09-2008 9:23 PM
Perhaps I have missed something here and am stating the obvious, but have you considered blocking ports you don't want and disabling services you don't need?
In service.sap.com/security there is a document on which ports are needed for what in SAP environments and some guides on infrastructure security.
That would be a good place to start.
Cheers,
Julius