Imagine the following scenario:
- I have an ui5 app on which every time the user hits a button, user id, date and time is logged on hanna database (cloud) by calling xsjs service (cloud).
- The credentials to access the xsjs service are maintained in the destination on scp (I understand that such credentials are not user specific, but global, which means it’s the same user/password regardless of the logged in user on ui5 app).
If that’s the case then every time the user presses the button, I have to call the xsjs service and pass user id, date and time. The problem is, since the call is made from the browser, a malicious user could set a break point on the ajax call and change the user id to someone else’s, causing incorrect data to be sent to the backend.
How is this scenario handled on SAP Hana? Is there some kind of session Id that can be passed on a header from the ui5 app to the xsjs service and then get this xsjs service to retrieve user information (user is for example) by querying sap with session id?
Hope my question is clear enough.
Regards.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.