With SAP Business One 10.0, HANA version, SAP introduced also move from HANA 1.0 to HANA 2.0 version, which is more secure and allows multi-tenancy as is described on our page SAP Business One, Version 10.0 .
One of the security enhancements is related to the change of the password hashing algorithm to the cryptographic hashing method pbkdf2 (Password-Based Key Derivation Function). This change, however, brought also side effects of performance degradation. It is caused by the artificial adding of the additional time (several milliseconds) for step "open connection" to queries. On one side, this method is superior compared to the previous password authentication method as it is resistant to brute-force password-guessing attacks. On the other side, it is leading to performance degradation in case there are many queries executed by the add-on and each of those queries needs to open its connection.
Based on discussion with SAP, we were able to find a way how to improve the performance of our Coresuite add-on. With Coresuite Framework 7.65, we are introducing a new option for connection to the HANA database, where you can decide if you want:
- pbkdf2 authentication - Secure method of authentication, but can degrade the performance of all actions where queries are involved
- password authentication - Less secure authentication, but improves the performance of the execution of queries
The performance improvement depends on the scenario and amount of queries to be executed.
SAP is still working on other improvements related to connection/performance and we are in continuous discussions with them.
How to change the authentication method
The authentication method is used during connection to the database, so it is included directly in the Connection String.
In order to configure the authentication method, for existing Coresuite installations, you need to reset the current Connection String. You can do so by navigating in SAP Business One to:
1. Administration → Add-Ons → coresuite administration → Administration.
2. Open the Settings tab → Click on the Reset Connection String button and confirm resetting it.
Once Coresuite has been restarted, you will be prompted to insert HANA credentials and you can select from the drop-down also the authentication method in the connection pop-up:
Please keep in mind that the pbkdf2 authentication method is a security standard of SAP for HANA 2.0 and it is not recommended to decrease the level of security to password authentication in multi-tenant cloud environments.