Configuring SSFS for Oracle database

Why?

If you are not new to SAP on Oracle you must know how the authentication between SAP and Oracle used to work (OPS$ Mechanism).

In this method the user OPS$<SIDADM> which is authorized by <SID>ADM will log in to database to retrieve the encrypted password for the schema user stored in the database table OPS$<SIDADM>.SAPUSER. Now the application will use the credentials retrieved to log into the database.

This method was potentially considered to be insecure and is not supported by Oracle after release 11g.

The connect to the Oracle database using the OPS$ method contains a vulnerability that makes it possible for a malicious user to log on to the database as an OPS$ user without entering a password unless relevant measures are taken into consideration.

You can find more information about this in the blog below:

http://scn.sap.com/community/oracle/blog/2012/10/15/sunset-for-ops-mechanism-no-more-supported-by-oracle-not-used-by-sap

What?

SSFS (Secure Storage in File System) is a mechanism for storing the credentials required for application (SAP) to log into the database in the file system instead of database itself. This mechanism has been introduced by SAP from Kernel 7.20.

All SAP systems which will use future versions after oracle 11g can be operated with SSFS only.

How?

SSFS Implementation – Oracle SAP

Advertisements