• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0

hiding username/password in xml from user

Explorer ,
Aug 02, 2015 Aug 02, 2015

Copy link to clipboard

Copied

Since BC doesn't allow any serverside code, how do I securely pass login and password in request xml without exposing that to the user. I can just do it in javascript/jquery but the user can see that. Can I use Liquid so only the returned xml is seen by the user?

Here's the xml I need to pass:

<?xml version="1.0"?>
<!DOCTYPE Request SYSTEM "hConnect_3.dtd">
<Request>
<InfoRequest>
  <AGID>AIDT</AGID>
  <Password>SECRETPASSWORD</Password>
  <ReturnInfo>Y</ReturnInfo>
</InfoRequest>
</Request>

Views

1.3K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 02, 2015 Aug 02, 2015

Copy link to clipboard

Copied

In what regard?

You need to provide some more context please.
Why are you using XML... You mean you want to use the API or .... ?

What are you trying to achieve?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Aug 02, 2015 Aug 02, 2015

Copy link to clipboard

Copied

Hi Liam, thanks for the quick response. It's to retrieve information from a 3rd party website. It's available in xml format. These are the instructions:

"using HTTP GET or POST requests, made to the URL. Requests and responses are XML documents. A DTD specifies the formats of XML documents exchanged. Each XML document sent has a  Request root element, and each XML document sent by hostConnect has a  Reply  root element. The usual way of sending an XML requests is to send a HTTP POST with a content type of  text/xml, and the XML document in the body of the POST request. The content type of the reply message is also  text/xml. Alternatively, the XML document can be supplied as the value of the XML parameter in form-urlencoded format in a GET or POST request. In this case the reply message is  text/xml."

The xml I send will include my username and password, so the requests can't be publicly visible in the page.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Aug 02, 2015 Aug 02, 2015

Copy link to clipboard

Copied

I think you are talking about this website, that info refers to their website not BC's.

http://www.tourplan.com/support/interface-specifications/version-3-00-000/

On BC you can render the page as JSON if you throw &json=true in the querystring if that helps you.

If you are using BC SOAP / XML API, it is not built to use client side (as you need to put a username and password in it).

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 02, 2015 Aug 02, 2015

Copy link to clipboard

Copied

Yep, as above.

If your using BC api the data you send is only through secure connection your authorise with a username and password. Not sent as plane text or xml etc.

If your referring to front end BC does not run off XML like that and you do not access customer information in that way.

So what you reading will not be BC.
I wont do it but I guess BCMAN you whacked that into google and that page came up hey. (smart move)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Aug 02, 2015 Aug 02, 2015

Copy link to clipboard

Copied

*taps nose* ... but yes because that wasn't BC documentation

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Aug 02, 2015 Aug 02, 2015

Copy link to clipboard

Copied

it is their site/db I would be retrieving the info from, so I need to send a username/password (for their site not the BC username/password).

So it's not possible to send that securely from a BC site?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Aug 02, 2015 Aug 02, 2015

Copy link to clipboard

Copied

New2oop: No, there is no server side coding like that (currently) with BC, if you want to do that you'll need a middle man server that talked to both BC and the other server.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Aug 03, 2015 Aug 03, 2015

Copy link to clipboard

Copied

Can you link to an example of a middleman server doing that. How do I pass authorisation to the middleman?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 03, 2015 Aug 03, 2015

Copy link to clipboard

Copied

Right now it will be you using the BC SOAP API and coding your solution in your preferred language be it .net, python, php on your server/hosting.

Maybe the BCMan can expand more on that if you need it.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Aug 03, 2015 Aug 03, 2015

Copy link to clipboard

Copied

LATEST

The middle man server just translates the languages / formats from one system to another, there are no examples I can give you as every implementation is different. Perhaps an example is onesaas.com which talks to many systems (in many languages). You need to make something that communicates with one system in the format required and then with BC's. BC documentation SOAP is somewhat helpful.

The authorization is done via the middle man server, I call it that because it sits between both servers

___BC SERVER____ <------- middle man server -------> ___Other SERVER____

So depending on what you are doing you can get the middle man server on a timer to sync stuff, if you need it real time you can use Javascript / PHP or another serverside language on the middle man server to collect the data you need a return it / store it. Just depends what your implementation is.

Let us know how you see the functionality working.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines