The public/private/protected/package status of Java fields is 100% irrelevant from a security perspective. It's just there to help keep your code clean. The data is still being passed across the wire in a simple, easily-decoded protocol that any sniffer can translate.
If you're passing sensitive data across the internet, you *certainly* need to use SSL at the very least. Having getters/setters vs public fields is purely a stylistic concern in this context.

Jeff

On Tue, Jul 12, 2011 at 4:52 AM, Drew Spencer <slugmand...@gmail.com> wrote:
> Thanks for the great reply as always Jeff.
>
> In contrast to you, my app is going to be used only by employees of my company, so preferably I would like to have all data sent over the wire encrypted. We're talking about employees of my company accessing data about our clients - so it is very sensitive data and I would think therefore that whether I need to use a DTO or not, everything should be private. Is this correct, or is it ok to use public properties without getters and setters as long as I'm encrypting the data?
>
> Cheers,
>
> Drew
>
> --
> You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine-java/-/YQX1oC92g6AJ.
>
> To post to this group, send email to google-appengine-java@googlegroups.com.
> To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
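
The point made in the reply above, as an added example that is not part of the original thread: the same value is serialized once from a class with public fields and once from a class with private fields and a getter, and the resulting bytes are searched for the readable value. The class names and sample values are constructed, and Java's built-in serialization is used here as an assumed stand-in for whatever RPC encoding the application actually uses.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class FieldVisibilityOnTheWire {
    // Hypothetical DTO: public fields, no accessors.
    static class PublicClient implements Serializable {
        private static final long serialVersionUID = 1L;
        public String name;
        public String note;
        PublicClient(String name, String note) { this.name = name; this.note = note; }
    }

    // Hypothetical DTO: same data behind private fields and a getter.
    static class PrivateClient implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final String note;
        PrivateClient(String name, String note) { this.name = name; this.note = note; }
        String getNote() { return note; }
    }

    // Encode an object into the bytes that would be written to a socket or HTTP body.
    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        return buf.toByteArray();
    }

    // Search the encoded bytes for a readable value. ISO-8859-1 maps each byte
    // to exactly one char, so an ASCII value can be matched directly.
    static boolean readableInBytes(byte[] wire, String value) {
        return new String(wire, StandardCharsets.ISO_8859_1).contains(value);
    }

    public static void main(String[] args) throws IOException {
        String name = "Example Client Ltd";     // constructed sample value
        String note = "credit limit 50000";     // constructed sample value
        byte[] fromPublic = serialize(new PublicClient(name, note));
        byte[] fromPrivate = serialize(new PrivateClient(name, note));
        System.out.println("public fields:  note readable = " + readableInBytes(fromPublic, note));
        System.out.println("private fields: note readable = " + readableInBytes(fromPrivate, note));
    }
}
```

Both encodings carry the value in readable form, because access modifiers are enforced by the compiler and JVM inside the process and do not alter the serialized bytes. Only transport encryption such as SSL/TLS changes what an observer on the network can read.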