Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Hide url Parameters

velsankar_sundar
Participant

on ‎2014 Jul 23 12:16 PM

0 Likes
3,705

Hi Team,

            Is it possible to hide the url parameters, when the gateway service is executed through UI5. For example from the below url is it possible to hide the parameter agencynum in the browser while it is passed to UI5.

/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/TravelagencyCollection(agencynum='00001756') .

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
velsankar_sundar
Participant
‎2014 Jul 23 1:19 PM
0 Likes

Hi all,

      I think you all misunderstood the question. I am asking whether i can hide or make it invisible (agencynum='00001756') as a whole.

So, that the enduser can not see anything,  which is passed.

Show replies
Show replies
sreehari_vpillai
Active Contributor
‎2014 Jul 23 1:21 PM
0 Likes

H Sundar,

No you can not do it. Its the part of OData protocol.

Sreehari

ChandrashekharMahajan
Active Contributor
‎2014 Jul 23 1:25 PM
0 Likes

Hi,

end user can see the whole source code as well as can see query request made in Network tab of chrome developer console (F12).

and just from $metadata, end user will be able to see the complete EDM structure of OData service.

Regards,

Chandra

former_member200392
Explorer
‎2014 Jul 23 9:34 PM
0 Likes

Hi chandra,

My client doesn't want to show url parameters in network tab or the console. Is there any other mechanism that we can use to hide url parameters? Otherwise how can we ensure no one hacks the application by using the url parameter. Please provide details. Your comments will really help me.

Regards,

S.vikgnesh

ChandrashekharMahajan
Active Contributor
‎2014 Jul 24 6:47 AM
0 Likes

Hi,

as mentioned in earlier response, end user is able to see your entire code as well as how the HTTP calls are being made to server in browser developer console tools (valid for almost all browsers having ability to open the console)

yes the other option could be encryption of the code but it has its own disadvantages. you can google on it. here is one good discussion javascript - Disable developer tools - Stack Overflow follow entire discussion to know more on pros and cons.

There is one concept javascript obfuscator. try http://javascriptobfuscator.com/

Here is example of JS code with obfuscator - JS Bin - Collaborative JavaScript Debugging</title> <link rel="icon" href="h...

and original example as JS Bin - Collaborative JavaScript Debugging</title> <link rel="icon" href="h...

I hope this will give some idea on encoding. but again it has its own disadvantages and need to use properly.

Regards,

Chandra

Ask a Question