I had the same problem a few months ago and the solution was this

Hi All,

My question to SAP in this context is -

we can simply hide the password if we are using a parameter name starts with pwd. e.g - pwd.Value, pwd_set etc. But this is possible only with adapter module. I have created few custom adapter modules where passwords needed to be passed as parameter and this worked.

Then why the same can not work in case of interface or receiver determination parameter passing for mapping.

Thanks

Sugata Bagchi Majumder

picture added

HI Patnaik,

i am not expert but you can see my thought.

why not you make one z-table in sap PI and store both userID/Password and Session id correspond to both.

and use rfc lookup to get at one go.

and give access to that table only few users that u want to.

you can also encrypt the password filed at abap table level  and use by java mapping.

this approach can help you to maintain for transportation also

Regards

Gagan

Hi Hemanthika,

Here are my thoughts on this

1. Use Value mapping and control the User ID/ Password in ID:- Good option but you can't hide user id and password. Makes future changes in userid/password easier for developers.

2. Use Parametrized Java mapping and control the User ID/ Password in ID.:- Developers have to know java mapping an how to set parameters. Many developers who do not come from java background might face problems in doing so.

3. From System Property get the SID i.e PID or PIQ or PIP and then put a if else condition to select the respective user id and password:-  Better leave this option. Over the time Business changes and they might decide to replace the servers or clone them. While cloning the server the internal system property including SID will change (90% probability). Then the developers will have to change the hard coding associated with it.

"I would like to go with option 1 and 2 and In both the cases I expose my password to other developers. Can I hide my password field like we have in password fields where it shows up as asterisk charaters ?Which of the two above option is suggested ?"

ans) You need to ensure that in future the project maintenance should go on, even if you decide to move on.

The developers who take over should be easily able to understand the whereabouts of the username and password. Thus I would suggest a fourth option that is message mapping. Supply the username and password as constant fields in message mapping(MM). The message mapping should precede the java mapping code in the same operation/interface mapping. The userid and password will be hard coded in MM. The MM serves as input to java mapping. If you want to hide the actual password then in constant field specify it in a reverse way and use and UDF to make it correct before feeding it to java mapping. That is if password is xyz@123  it becomes say 321@zyxbefore reaching java mapping. Thus even if password is exposed its not the actual one. Developers have to study the UDF to find the actual password.

"Like when I get the the session id from the web  service it says 14000 secs the session is valid, so that means we can reuse this session id rather than each time getting the session id. So what is the best way to handle this"

ans) You cannot take chances here as you do not know when this session id gets invalid. to use same session id valid through out the day , it should remain the same for 86400 secs. Thus you have to generate a new session id each time you are accessing the web service. If you are calling web service multiple times within same scenario then the best option is what you have suggested " The only option I think is storing it in some z table and doing a soap rfc lookup." . You can also store it in temporary files in PI server using UDF (but safer option is to use Z tables).

Finally "Can I hide my password field like we have in password fields where it shows up as asterisk charaters ?"

ans) I don't think you have this option in SAP PI. you can wait for experts to respond on this.

Regards

Anupam