on 07-14-2008 6:03 AM
Hi Gurus,
Is there any probability to hide the extra url parameters,
for eg i am passing a Employee Number as URL+&Empno=456. from the program.
If the user knows other employee numbers he can directly paste and see the info.
Is there any chance to hide the extra parameters after logging into the Appplication .
I think another option would be to use POST parameters, instead of GET (sending them on the request body, they're not visible to the user in the URL).
Depending on how you are currently calling your application, maybe this options requires quite more work, as you'll probably need to create an HTTP client object to be able to build up a request. I've never done this myself yet but I know the class CL_HTTP_CLIENT is available for this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can possibly avoid looking at other's information by checking the sy-uname with the infotype 105 with subtype 001 of the current executed employee number
Abhi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Abhimanyu,
I am having another application A say that userid XYZ123 and Employee Number is 12345 . In that application there is another employee number link say 456, if he is clicking 456 these employee number is passed as URL empno=456 in the second application say B, i need the application B to hide the Xtra URL empno= to be hided , so that he cannot use the same application once more by simply copy paste another Emp no( 789 if the knows ).
In the First application A we wil give him the 5 Emp Numbers , So that it calls the application B via those 5 Emp Numbers, If he knows the other employees he can paste their numbers in the URL and see.
IF there is another way to achieve this scenario let me know
Hi Vikranth
you can still achieve this with the check infotype 105, nyways
How are you navigating to that application, is it by LinkToURL ?
make it LinkToAction and
You can make use of Cross Components and use that Employee Web Dynpro component inside your component and navigate to that component using Plugs and pass the Employee number as a plug parameter, this way it is not visible to the user
Abhi
If both applications are ABAP based and run on the same ABAP-AS instance you could use Server Side Cookies or do an Export to Database to pass the parameter. Each will temporarly store the values in the database and you can just pass a GUID key to the other application via URL parameter so it knows which record to read from the DB. You could also consider encoding the parameter in Base64 - like the URL mangling in BSP. This isn't hacker proof since Base64 is very simple to decode, but would stop the causual user from being able to type in a URL parameter value.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.