What do you mean by "shared mode"?
Can you please detail a little bit, with a use case or so?

On Sun, Jul 5, 2009 at 4:16 AM, Thomas Broyer <t.bro...@gmail.com> wrote:

> On Jul 3, 06:59, ytrewqsm <ytrew...@gmail.com> wrote:
> > I read this on several occasions while reading about GWT.
> >
> > Now can anyone clear this for me ?
> >
> > 1) Does this mean that on the server side it is recommended not to use
> > the servlet session?
>
> To keep things simple: yes.
>
> > 2) How can I secure the application if the client only has state and
> > the server is stateless?
>
> I don't understand... Read about "REST", it says it all.
>
> > 3) BTW, each time I pass credentials on method calls? Is that not
> > something insecure?
>
> How would you do it otherwise?
> Having a stateless server doesn't mean you have to send username/
> password on each request; you could very well establish a first
> handcheck and then send an auth ticket on each call. I'd say that for
> this handcheck you *could* use a servlet session (that would be the
> only exception when you could use one), though I wouldn't recommend it
> security-wise (search for CSRF, e.g.
> http://www.adambarth.com/papers/2008/barth-jackson-mitchell-b.pdf).
>
> > 4) How can those be passed securely?
>
> See above.
>
> But in a few words, when one talks about a stateless server, one
> generally doesn't talk about authentication, as this requires some sort
> of "shared state" to make it secure.
> >
>
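
The "auth ticket on each call" approach from the quoted reply, as an added example that is not part of the original thread or of GWT: the server checks the password once, then hands out an HMAC-signed ticket and verifies it on every call using only its secret key. The class and method names are hypothetical, and the sketch assumes the client sends the ticket in a request header or RPC argument rather than a cookie, so the browser does not attach it automatically to cross-site requests.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example; the class and method names are hypothetical.
public class AuthTicket {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final byte[] key; // only server-side secret; no per-user session is kept

    public AuthTicket(byte[] key) { this.key = key.clone(); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Called once, after the password has been checked in the initial handshake.
    public String issue(String user, long nowSec, long ttlSec) throws Exception {
        String payload = B64.encodeToString(user.getBytes(StandardCharsets.UTF_8))
                + "." + (nowSec + ttlSec);
        return payload + "." + sign(payload);
    }

    // Called on every RPC: returns the user, or null for a forged or expired ticket.
    public String verify(String ticket, long nowSec) throws Exception {
        String[] p = ticket == null ? new String[0] : ticket.split("\\.", -1);
        if (p.length != 3) return null;
        byte[] expected = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison; fields are parsed only after the MAC checks out.
        if (!MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.UTF_8))) return null;
        if (Long.parseLong(p[1]) <= nowSec) return null;
        return new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        AuthTicket tickets = new AuthTicket(key);
        String t = tickets.issue("alice", 1000, 600); // constructed sample values
        System.out.println("valid:    " + tickets.verify(t, 1200));
        System.out.println("expired:  " + tickets.verify(t, 1700));
        System.out.println("tampered: " + tickets.verify(t.replace(".1600.", ".9999."), 1200));
    }
}
```

The ticket is signed, not encrypted, so it should carry no secrets and should only travel over HTTPS.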
