Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Web service authentification: Password in plain text

Hi there,

I would like to deploy a SAPUI5 application (job application form) to an Apache web server.

The application will be calling various web services in SAP backend system (get list of countries etc.).

I call those web services via AJAX:

//Create request

var soapRequest =

  '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ' +

  'xmlns:urn="urn:sap-com:document:sap:rfc:functions">' +

  '<soapenv:Header></soapenv:Header><soapenv:Body>' +

      '<urn:ZBC_GET_COUNTRIES></urn:ZBC_GET_COUNTRIES>' +

      '</soapenv:Body></soapenv:Envelope>';

// Get service URL

var sServiceUrl =

getUrl("/sap/bc/srt/rfc/sap/zbc_get_countries/010/zbc_get_countries/zbc_geCountries");

// Send request

var xmlhttp = new XMLHttpRequest();

                        xmlhttp.open('POST', sServiceUrl, false, 'myUser', 'myPassword');

                        xmlhttp.setRequestHeader('Content-Type', 'text/xml');

                        var result = xmlhttp.send(soapRequest);

                        console.log(result);

The problem that I see is the fact that the password is stored in plain text in the JS source.

How can I avoid that??

What is the best practice regarding web service authentification.

Thanks in advance.

Best regards,

Thorsten.

Tags:
Former Member
Not what you were looking for? View more on this topic or Ask a question