I’m building an interactive JavaScript application that needs to make some SOAP requests to a 3rd-party server. The problem is the server only accepts basic WS-Security authentication, i.e. plaintext username and password. The simplest solution is to hardcode the username and password into the JavaScript and then make AJAX calls, but obviously that is terrible from a security standpoint (someone can easily view the page source).
The only way I can think of to overcome this is to have a second server where the SOAP username and password are stored, say in a PHP file. Then the JavaScript application can make an AJAX call to the server, and the server runs the logic and authenticates with the SOAP server. Someone could still make AJAX calls to the server outside of my page, but at least they couldn’t get at the username and password.
I’m thinking there has to be a better solution, but I can’t think of anything else. Does anyone have any other ideas? Thanks.
I think that the best solution is to do the logic on the server side and, if you can, try to use SSL. Then you make the AJAX calls to the file that does the logic on the same server where you are serving the HTML/JavaScript code.
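
The server-side relay discussed in this thread, as an added example that is not part of the original posts: the browser sends only an operation name and parameters, and the server builds the WS-Security UsernameToken envelope from credentials held in its environment. The operation `GetOrderStatus`, its `orderId` parameter, the `urn:example:orders` namespace and the `SOAP_URL`, `SOAP_USER` and `SOAP_PASS` variables are assumptions; Node.js 18+ is assumed for the global `fetch`.

```javascript
// Added example (Node.js 18+). GetOrderStatus, orderId, urn:example:orders and the
// SOAP_URL / SOAP_USER / SOAP_PASS environment variables are assumptions.
const WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
const PW_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

// Allowlist of operations and their parameters. A Map avoids matching inherited
// object keys such as "constructor".
const ALLOWED = new Map([["GetOrderStatus", ["orderId"]]]);

const XML_ENTITIES = { "<": "&lt;", ">": "&gt;", "&": "&amp;", "'": "&apos;", '"': "&quot;" };
const xmlEscape = (v) => String(v).replace(/[<>&'"]/g, (c) => XML_ENTITIES[c]);

// SOAP 1.1 envelope with a WS-Security UsernameToken (plaintext password type).
function buildEnvelope(op, params, creds) {
  const args = ALLOWED.get(op).map((k) => `<${k}>${xmlEscape(params[k])}</${k}>`).join("");
  return `<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">` +
    `<soap:Header><wsse:Security xmlns:wsse="${WSSE}"><wsse:UsernameToken>` +
    `<wsse:Username>${xmlEscape(creds.user)}</wsse:Username>` +
    `<wsse:Password Type="${PW_TEXT}">${xmlEscape(creds.pass)}</wsse:Password>` +
    `</wsse:UsernameToken></wsse:Security></soap:Header>` +
    `<soap:Body><${op} xmlns="urn:example:orders">${args}</${op}></soap:Body></soap:Envelope>`;
}

// Validate what the browser sent: { op, params }. Returns an error or the envelope.
function prepare(request, creds) {
  const fields = ALLOWED.get(request && request.op);
  if (!fields) return { status: 400, error: "operation not allowed" };
  const params = request.params || {};
  for (const k of fields) {
    if (typeof params[k] !== "string" || params[k].length === 0 || params[k].length > 64)
      return { status: 400, error: `invalid parameter: ${k}` };
  }
  return { status: 200, xml: buildEnvelope(request.op, params, creds) };
}

// Default transport: POST to the third-party endpoint (use an https:// URL, since the
// password travels as plaintext inside the envelope).
const postSoap = (xml) => fetch(process.env.SOAP_URL, {
  method: "POST",
  headers: { "Content-Type": "text/xml; charset=utf-8", SOAPAction: '""' },
  body: xml,
}).then((r) => r.text());

// One AJAX call from the page. The envelope, and so the credentials, stay server-side.
async function relay(request, send = postSoap) {
  const creds = { user: process.env.SOAP_USER, pass: process.env.SOAP_PASS };
  const prepared = prepare(request, creds);
  if (prepared.error) return { status: prepared.status, body: prepared.error };
  return { status: 200, body: await send(prepared.xml) };
}
```

Anyone can still call the relay directly, but the allowlist limits them to the operations the page itself uses, and the credentials never appear in a response.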