on 07-23-2014 12:16 PM
Hi Team,
Is it possible to hide the url parameters, when the gateway service is executed through UI5. For example from the below url is it possible to hide the parameter agencynum in the browser while it is passed to UI5.
/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/TravelagencyCollection(agencynum='00001756') .
Dear Experts,
Could any one please guide me to handle the following scenario.
1.Passing values to OData get request as request body instead URL parameters from UI5.
(i.e)instead passing like this ../XXXService/XXEnitySet?$filter=(XXX EQ '000)
is it possible to pass like this .../XXXService/XXXEntitySet
Request Body:
...
<XXX>000<XXX>
...
and getting the same in getEntitySet as a parameters.Something like post request,but this request calls the createEntity Method.
Dear Sreehari,
Could you please explain how to achieve this.
"do POST instead of GET so that , no URL parameters are included. All the data will be in HTTP body".
but it should not trigger createEntity method.
Thanks & Regards,
Rumeshbabu S
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi All,
I just got to go through this link in sdn. It says how to handle confidential data in Odata urls
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Providing the key values in the GET operation is part of OData protocol, which can not be hidden in any case.But, you can try the below alternatives,
Sreehari
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
I think you all misunderstood the question. I am asking whether i can hide or make it invisible (agencynum='00001756') as a whole.
So, that the enduser can not see anything, which is passed.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi chandra,
My client doesn't want to show url parameters in network tab or the console. Is there any other mechanism that we can use to hide url parameters? Otherwise how can we ensure no one hacks the application by using the url parameter. Please provide details. Your comments will really help me.
Regards,
S.vikgnesh
Hi,
as mentioned in earlier response, end user is able to see your entire code as well as how the HTTP calls are being made to server in browser developer console tools (valid for almost all browsers having ability to open the console)
yes the other option could be encryption of the code but it has its own disadvantages. you can google on it. here is one good discussion javascript - Disable developer tools - Stack Overflow follow entire discussion to know more on pros and cons.
There is one concept javascript obfuscator. try http://javascriptobfuscator.com/
Here is example of JS code with obfuscator - JS Bin - Collaborative JavaScript Debugging</title> <link rel="icon" href="h...
and original example as JS Bin - Collaborative JavaScript Debugging</title> <link rel="icon" href="h...
I hope this will give some idea on encoding. but again it has its own disadvantages and need to use properly.
Regards,
Chandra
Hello Sundar,
If you have too many keys in your model then no. not possible.
Only one key, then yes. send the value in quotes as Chandra suggested.
Regards,
Ashwin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
you can query it as below,
/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/TravelagencyCollection('00001756')
Regards,
Chandra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.