
Hide url Parameters

velsankar_sundar
Participant
0 Kudos

Hi Team,

            Is it possible to hide the URL parameters when the gateway service is executed through UI5? For example, from the below URL, is it possible to hide the parameter agencynum in the browser while it is passed to UI5?

/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/TravelagencyCollection(agencynum='00001756') .

Accepted Solutions (0)

Answers (7)


Former Member
0 Kudos

Dear Experts,

Could anyone please guide me to handle the following scenario?

1. Passing values to an OData GET request as the request body instead of URL parameters from UI5.

     (i.e.) instead of passing like this ../XXXService/XXEnitySet?$filter=(XXX EQ '000)

          is it possible to pass like this .../XXXService/XXXEntitySet

          Request Body:

               ...

                    <XXX>000</XXX>

               ...

          and getting the same in getEntitySet as parameters. Something like a POST request, but this request calls the createEntity method.

Dear Sreehari,

Could you please explain how to achieve this.

"do POST instead of GET so that , no URL parameters are included. All the data will be in HTTP body".
But it should not trigger the createEntity method.

Thanks & Regards,

Rumeshbabu S

velsankar_sundar
Participant
0 Kudos

Hi All,

I just got to go through this link in SDN. It says how to handle confidential data in OData URLs.

https://help.sap.com/saphelp_gateway20sp06/helpdata/en/b1/455fa3c3b14e4c9dc0d514f135bf87/content.htm...

sreehari_vpillai
Active Contributor
0 Kudos

POST

RB777
Product and Topic Expert
0 Kudos

Link opens blank page

sreehari_vpillai
Active Contributor
0 Kudos

Hi , ,

Providing the key values in the GET operation is part of the OData protocol, which cannot be hidden in any case. But you can try the below alternatives:

  • Encrypt the key in the back end and pass it to the front end so that the customer never sees the original key (the drawback is having to create a mapping table with the original key and the encrypted key; remember routing in Fiori)
  • Do POST instead of GET so that no URL parameters are included. All the data will be in the HTTP body

Sreehari
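
The mapping-table alternative from the answer above, sketched as an added example that is not part of the original post or SAP's code. Node.js stands in for the back end, and `KeyMapper`, `ACL` and the user names are hypothetical.

```javascript
// Added example, not code from the thread. Names and data are constructed.
const crypto = require('crypto');

// Constructed authorization data: agency keys each user may read.
const ACL = {
  alice: new Set(['00001756']),
  bob: new Set(['00000123']),
};

const authorized = (user, key) => Boolean(ACL[user] && ACL[user].has(key));

class KeyMapper {
  constructor() {
    this.byToken = new Map(); // token -> { user, key }
    this.byKey = new Map();   // "user|key" -> token
  }

  // Issue (or reuse) the opaque token that replaces `key` in URLs sent to `user`.
  tokenFor(user, key) {
    if (!authorized(user, key)) return null;
    const id = `${user}|${key}`;
    if (!this.byKey.has(id)) {
      const token = crypto.randomBytes(16).toString('hex'); // unguessable, carries no key data
      this.byKey.set(id, token);
      this.byToken.set(token, { user, key });
    }
    return this.byKey.get(id);
  }

  // Map a token from an incoming request back to the real key.
  // The token only works for the user it was issued to, and the
  // authorization check is repeated because hiding the key is not access control.
  resolve(user, token) {
    const entry = this.byToken.get(token);
    if (!entry || entry.user !== user) return null;
    return authorized(user, entry.key) ? entry.key : null;
  }
}

// Build the entity URL the front end would see (service path taken from the question).
function entityUrl(mapper, user, key) {
  const token = mapper.tokenFor(user, key);
  if (token === null) return null;
  return `/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/TravelagencyCollection('${token}')`;
}
```

The token still shows up in the browser's network tab; what it removes is the real key value, and the per-user check in `resolve` is what stops a copied token from working for someone else.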

0 Kudos

Hi sreehari,

I actually looked for these alternatives. Now it's clear for me.

Thanks a lot.

Regards,

S.Vikgnesh

sreehari_vpillai
Active Contributor
0 Kudos

Welcome

velsankar_sundar
Participant
0 Kudos

Hi all,

      I think you all misunderstood the question. I am asking whether I can hide or make invisible (agencynum='00001756') as a whole.

So that the end user cannot see anything which is passed.

sreehari_vpillai
Active Contributor
0 Kudos

Hi Sundar,

No, you cannot do it. It's part of the OData protocol.

Sreehari

ChandraMahajan
Active Contributor
0 Kudos

Hi,

The end user can see the whole source code as well as the query requests made, in the Network tab of the Chrome developer console (F12).

And just from $metadata, the end user will be able to see the complete EDM structure of the OData service.

Regards,

Chandra

0 Kudos

Hi chandra,

My client doesn't want to show url parameters in network tab or the console. Is there any other mechanism that we can use to hide url parameters? Otherwise how can we ensure no one hacks the application by using the url parameter. Please provide details. Your comments will really help me.

Regards,

S.vikgnesh

ChandraMahajan
Active Contributor
0 Kudos

Hi,

As mentioned in the earlier response, the end user is able to see your entire code as well as how the HTTP calls are being made to the server in the browser developer console tools (valid for almost all browsers having the ability to open the console).

Yes, the other option could be encryption of the code, but it has its own disadvantages. You can google it. Here is one good discussion: "javascript - Disable developer tools - Stack Overflow". Follow the entire discussion to know more about the pros and cons.

There is one concept: JavaScript obfuscator. Try http://javascriptobfuscator.com/

Here is an example of JS code with obfuscator - JS Bin - Collaborative JavaScript Debugging

and the original example as JS Bin - Collaborative JavaScript Debugging

I hope this will give some idea on encoding. But again, it has its own disadvantages and needs to be used properly.

Regards,

Chandra

AshwinDutt
Active Contributor
0 Kudos

Hello Sundar,

If you have too many keys in your model, then no, not possible.

Only one key, then yes. Send the value in quotes as Chandra suggested.

Regards,

Ashwin

sreehari_vpillai
Active Contributor
0 Kudos

Hi Sundar,

You cannot hide the agencynum parameter (yes, you can do it if there is only one key, as suggested by ). This is part of the OData protocol. No donuts for you

Sreehari

ChandraMahajan
Active Contributor
0 Kudos

Hi,

You can query it as below:

/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/TravelagencyCollection('00001756')


Regards,

Chandra