Configuring user mapping between the portal and BSP systems exposes a security risk where the user ID and password is exposed in the HTTP header. You have the following options to eliminate this risk:
● Reconfigure the systems to use single sign-on with logon tickets. This requires that users have the same user ID in the portal as well as in the BSP systems.
● Upgrade the portal system to NetWeaver 2004s SPS 7 or later and upgrade the BSP system as described in SAP Note 904249. This enables both systems to support HTTP POST in combination with SSL.