cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hiding Login Credentials when using REST Web Services SDK

Go to solution
Former Member

on ‎05-14-2016 8:24 AM

0 Kudos

When I post the login credentials to use Restful API,

I will be exposing these sensitive details in my Javascript Code.

Problem is that I will be distributing a web page with these Javascript Code in it...

Users can press F12 and hack these information...



<attrs xmlns="http://www.sap.com/rws/bip">


<attr name="userName" type="string">


</attr>


<attr name="password" type="string">


</attr>


<attr name="auth" type="string" possibilities="secEnterprise, secLDAP, secWinAD, secSAPR3">


</attr>


</attrs>

Is there any way to camouflage these sensitive information...?

Thank you...

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-22-2016 1:27 PM
0 Kudos

I found article below.

CodingForums.com

I do not know if it is a good practice, but I did following to kind of solve this.

Let us say password = abc



var FakePass = "1a2b3c" 


FakePass = FakePass.replace(/[0-9]/g, "") 




var body ='{"userName":"Hayden", "password": "+FakePass+", "Auth": "SecEnterprise"}';
Show replies
Show replies

Answers (2)

Answers (2)

former_member197386
Active Contributor
‎05-17-2016 12:59 PM
0 Kudos

Hello Hayden,

As said by Dan, you have several ways to login using RESTful webservices. Did you try others?

You want to prompt your users for entering password?

Regards,

Anthony

Show replies
Show replies
Former Member
‎05-17-2016 4:39 PM
0 Kudos

Thank you Anthony for your kind message

.

1. I am creating a web page with real-time D3.js visualization charts.

The data is coming from Business Object reports.

2. I do not want prompts.

This page will go public within my company.

Most of the audience do not have Business Object access.

So I do not want my password/user details in the JavaScript source code...

Somebody with malicious intent can see my login credentials by doing F12.

3. Problem is I cannot work on server-side.

So I am looking for solutions for client-side.

Something like creating Hash or making it difficult to read...

http://www.webdeveloper.com/forum/showthread.php?235073-hide-password-info-in-source-code

daniel_paulsen
Active Contributor
‎05-16-2016 8:36 PM
0 Kudos

Hi Hayden,

Try using trusted authentication.  You can find information in the BI Platform RESTful Web Service Developer Guide in section 5 of the guide for enabling Trusted Authentication

GET  ...biprws/logon/trusted

Dan

Show replies
Show replies
Former Member
‎05-17-2016 4:31 PM
0 Kudos

Thank you for your reply...

1. I am afraid I do not have access to Developer Guide.

But thank you anyway. I googled trusted authentication.

2. It sounds like it requires work in back-end (writing Java code)...?

I do not have access to back-end.

I am trying to do all on client side...


In my particular circumstances,

passing a username/password seems the only option...

Is there any way to solve this problem for me..?

Ask a Question