on 07-05-2011 11:08 PM
Hi Experts,
I have a requirement here. I used an SAP function module that authenticates the SAP user name and password to authenticate the user.
Now the end user sends an https call from his mobile device like this:
http://xx.xxx.xxx.xxx/sap/USERNAME=myusername&PASSWORD=mypassword.
I am extracting the user name and password and then trying to authenticate the user name and password in my web service.
In this form of URL anyone can easily hack the user name and password.
Can anyone tell me how I can secure the user name and password in this scenario?
I don't want to use Basic authentication settings because if the end user tries with a wrong password, the user gets locked.
I would be really thankful to you!
Thanks,
Sanjay@tpc
Edited by: Gourav Khare on Jul 6, 2011 10:23 AM: Message Subject changed
Hi.
Do not send a username/password combination but a username/hash(username:password) combination. Also work with hash values in your backend, not with passwords saved anywhere.
Passwords should never be sent over the network, nor should they be stored.
The HTTP GET parameters are also secured via HTTPS, so as long as your SSL connection is not compromised it is no problem to transfer them in a "fat URL".
Best regards
Roland
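A sketch of the scheme described in the reply above, as an added example that is not part of the original thread: the client sends the username plus SHA-256(username:password), and the backend keeps only a salted PBKDF2 digest of that value. The function names, the SHA-256/PBKDF2 choice, the iteration count and the sample account are assumptions; the hash the client sends can be replayed by anyone who captures it, so it still depends on the HTTPS connection.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def client_token(username: str, password: str) -> str:
    """Client side: hash(username:password), sent instead of the password."""
    return hashlib.sha256(f"{username}:{password}".encode("utf-8")).hexdigest()


def enroll(token: str) -> dict:
    """Backend: keep only a salted, stretched digest of the client token."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", token.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


def verify(record: dict, token: str) -> bool:
    """Backend: recompute from the presented token, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", token.encode(), record["salt"], PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate, record["digest"])


# Constructed sample account, not taken from the thread.
USERS = {"myusername": enroll(client_token("myusername", "correct horse"))}

# Dummy record so an unknown user costs the same work as a known one.
_DUMMY = enroll(client_token("nobody", "placeholder"))


def login(username: str, token: str) -> bool:
    """Check a (username, token) pair against the stored digests."""
    record = USERS.get(username)
    if record is None:
        verify(_DUMMY, token)  # burn equivalent time, then reject
        return False
    return verify(record, token)
```
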
I think that Alternative Logon Order can be nice for your issue.
Take a look:
http://help.sap.com/saphelp_nw04/helpdata/en/c6/839c4eea6f374b8e230ef4b152b110/frameset.htm
Dear Sanjay aka Marco,
Please desist from posting the same question multiple times; you are also using two IDs on SCN. Using clones is strictly forbidden, so kindly raise a request to delete one of your IDs and keep the other.
Now, regarding your question, it is unclear what you are trying to achieve. Can you be more specific, with some example, to help us understand what the actual problem is?
Regards,
Gourav