Skip to Content
Former Member
Sep 12, 2014 at 10:42 AM

Web service authentification: Password in plain text


Hi there,

I would like to deploy a SAPUI5 application (job application form) to an Apache web server.

The application will be calling various web services in SAP backend system (get list of countries etc.).

I call those web services via AJAX:

//Create request
var soapRequest =
  '<soapenv:Envelope xmlns:soapenv="" ' +
  'xmlns:urn="urn:sap-com:document:sap:rfc:functions">' +
  '<soapenv:Header></soapenv:Header><soapenv:Body>' +
// Get service URL
var sServiceUrl =
// Send request
var xmlhttp = new XMLHttpRequest();
              'POST', sServiceUrl, false, 'myUser', 'myPassword');
                        xmlhttp.setRequestHeader('Content-Type', 'text/xml');
                        var result = xmlhttp.send(soapRequest); 

The problem that I see is the fact that the password is stored in plain text in the JS source.

How can I avoid that??

What is the best practice regarding web service authentification.

Thanks in advance.

Best regards,