Skip to Content
0
Former Member
Sep 12, 2014 at 10:42 AM

Web service authentification: Password in plain text

53 Views

Hi there,

I would like to deploy a SAPUI5 application (job application form) to an Apache web server.

The application will be calling various web services in SAP backend system (get list of countries etc.).

I call those web services via AJAX:

//Create request
var soapRequest =
  '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ' +
  'xmlns:urn="urn:sap-com:document:sap:rfc:functions">' +
  '<soapenv:Header></soapenv:Header><soapenv:Body>' +
      '<urn:ZBC_GET_COUNTRIES></urn:ZBC_GET_COUNTRIES>' +
      '</soapenv:Body></soapenv:Envelope>';
// Get service URL
var sServiceUrl =
getUrl("/sap/bc/srt/rfc/sap/zbc_get_countries/010/zbc_get_countries/zbc_geCountries");
// Send request
var xmlhttp = new XMLHttpRequest();
                        xmlhttp.open('POST', sServiceUrl, false, 'myUser', 'myPassword');
                        xmlhttp.setRequestHeader('Content-Type', 'text/xml');
                        var result = xmlhttp.send(soapRequest); 
                        console.log(result);

The problem that I see is the fact that the password is stored in plain text in the JS source.

How can I avoid that??

What is the best practice regarding web service authentification.

Thanks in advance.

Best regards,

Thorsten.