Security Considerations for OData Server

Take security measures into consideration before setting up OData Server.

ConsiderationDescription
HTTPS certification

Any HTTPS certificate details specified in the OData Server configuration file apply only to the embedded HTTP server. For more information about how HTTPS certification is handled through an alternative HTTP server, see the HTTP server documentation.

Traffic without use of SSL protocol

SAP recommends that you always use SSL in production deployments.

All traffic between the OData Producer and clients is transmitted in plain text, including user IDs and passwords, when the SSLKeyStore option is not specified in the OData Server configuration file. This option is not specified in default configurations.