The "S" in SAP Doesn't Stand for Security (that goes for PeopleSoft too)
M. Reed - December 8, 1999

Event Summary

During the course of product evaluations for a customer, the Technology Evaluation Center has uncovered a potential security hole in SAP R/3's three-tier architecture. SAP has revealed that it expects the database or third party products to handle security between the application server and the database server. If the client does not take these extra measures, the master password for the SAP database instance travels over the network in the clear, and can be captured. PeopleSoft has the same issue...