AnsweredAssumed Answered

How to hide properties values to end-users?

Question asked by cperez on Sep 17, 2014
Latest reply on Sep 20, 2014 by kaynezhang
Hi all

I try to get the alf_ticket using ajax within a ftl page using the username and the password in properties file, but my page show the login and password if in my browser I select "inspect element" or if I use firebug.

My nodeAct.get.html.ftl file is :


<html>
   <head>
      <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
      <script type="text/javascript">
         jQuery.support.cors = true;
         var urlTicket = "${url.serviceContext}/api/login?u=" +${un}" "&pw=" +${up};
         var ticket = "";
         var request = $.get(urlTicket, function(data,status){
            ticket = data.toString().substring(48,95);
            //window.location.href = "${url.serviceContext}/doAct?nId=${nId}${arguments}&alf_ticket="+ticket;
            },'html'
         );
         request.error(function(jqXHR, textStatus) {
            if (textStatus == 'error'){
               status.code = 403;
               status.message = "User not found.";
               status.redirect = true;
            }
         });
      </script>
      <title>Show file</title>
   </head>
   <body>

   </body>
</html>


and my nodeAct.get.properties file is:

un=admin
up=aold_pss



What can I do to hide the user and the password to users??

Thanks a lot in advance

Outcomes