Hi there,
I would like to deploy a SAPUI5 application (job application form) to an Apache web server.
The application will be calling various web services in the SAP backend system (get list of countries etc.).
I call those web services via AJAX:
// Create request
var soapRequest = '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ' +
    'xmlns:urn="urn:sap-com:document:sap:rfc:functions">' +
    '<soapenv:Header></soapenv:Header><soapenv:Body>' +
    '<urn:ZBC_GET_COUNTRIES></urn:ZBC_GET_COUNTRIES>' +
    '</soapenv:Body></soapenv:Envelope>';
// Get service URL
var sServiceUrl = getUrl("/sap/bc/srt/rfc/sap/zbc_get_countries/010/zbc_get_countries/zbc_geCountries");
// Send request (synchronous, with the user and password passed from the client)
var xmlhttp = new XMLHttpRequest();
xmlhttp.open('POST', sServiceUrl, false, 'myUser', 'myPassword');
xmlhttp.setRequestHeader('Content-Type', 'text/xml');
xmlhttp.send(soapRequest);
// send() returns nothing; the SOAP response is read from responseText
var result = xmlhttp.responseText;
console.log(result);
The problem that I see is the fact that the password is stored in plain text in the JS source.
How can I avoid that?
What is the best practice regarding web service authentication?
Thanks in advance.
Best regards,
Thorsten.
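One way to keep the password out of the browser, shown as an added example that is not part of the original post: a small server-side relay holds the credentials and the SOAP envelope, and the page calls a same-origin route without any user or password. The route `/api/countries`, the `ROUTES` table and the environment variables `SAP_BASE_URL`, `SAP_USER` and `SAP_PASSWORD` are hypothetical names; the envelope and service path are the ones from the post.

```javascript
// Added example. Runs server-side (Node.js 18+), never shipped to the browser.
// Hypothetical names: ROUTES, /api/countries, SAP_BASE_URL, SAP_USER, SAP_PASSWORD.
const SOAP_OPEN =
  '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ' +
  'xmlns:urn="urn:sap-com:document:sap:rfc:functions">' +
  '<soapenv:Header></soapenv:Header><soapenv:Body>';
const SOAP_CLOSE = '</soapenv:Body></soapenv:Envelope>';

// Allow-list: public route -> fixed backend path and fixed SOAP body.
// The browser picks a route name only; it cannot choose the function or payload.
const ROUTES = new Map([
  ['/api/countries', {
    path: '/sap/bc/srt/rfc/sap/zbc_get_countries/010/zbc_get_countries/zbc_geCountries',
    body: SOAP_OPEN + '<urn:ZBC_GET_COUNTRIES></urn:ZBC_GET_COUNTRIES>' + SOAP_CLOSE,
  }],
]);

// Build the backend call for one public route. Credentials come from the
// server's environment, so they never appear in JS the browser downloads.
function buildBackendRequest(route, env) {
  const target = ROUTES.get(route);
  if (!target) return { status: 404 }; // deny anything not listed
  if (!env.SAP_BASE_URL || !env.SAP_USER || !env.SAP_PASSWORD) return { status: 500 };
  const basic = Buffer.from(env.SAP_USER + ':' + env.SAP_PASSWORD).toString('base64');
  return {
    status: 200,
    url: env.SAP_BASE_URL + target.path,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'text/xml', Authorization: 'Basic ' + basic },
      body: target.body,
    },
  };
}

// Forward one request and hand only status and body back to the caller.
async function relay(route, env = process.env) {
  const req = buildBackendRequest(route, env);
  if (req.status !== 200) return { status: req.status, body: '' };
  const res = await fetch(req.url, req.options);
  return { status: res.status, body: await res.text() };
}

// Browser side then becomes (no user/password arguments):
//   xmlhttp.open('POST', '/api/countries', false);
```

Anyone who can reach the public route can trigger the backend call, so the backend user behind it should be authorized only for the services listed in `ROUTES`.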