Hi,
We have developed a Web portal application for a Bank.
In this application, anyone (within the bank as well as outside the bank) can register their personal and professional information.
This information is entered via the Web Dynpro ABAP portal created by us and stored in the SAP SRM server.
An audit took place in the bank and the following was a major concern:
Vulnerability: Non-SSL Form
Since the application can be accessed from outside the banking network, data such as the authentication information (username, email, password) is sensitive.
Solution suggested:
Use Bank external Authority Certificate to secure the exchange of data between Client browser and server.
My questions:
1) How do we implement this in the application? Should the certificate be installed on the SRM server?
2) Will this certificate be given by the bank?
3) How will the certificate reach the client browser? Do we need to write ABAP code to send the certificate file to client browser folders, like Google Chrome, Mozilla and Internet Explorer etc.?