Thomas, Charlie, thanks much for the details and pointers. I agree keeping sign-in and signup separate from GWT app is a good approach, thanks for the suggestion.
also, i tried this approcah today, if i switch on HTTPS/SSL on my Jboss server which i am using to deploy my gwt app ( and turnoff http ), all communication can happen over https. this will ensure all comunication btw my client and server are safe, gwt or servlet. am i correct in my assumption, please let me know. thanks Hari On Sep 8, 3:07 am, Charlie Collins <[EMAIL PROTECTED]> wrote: > As Thomas stated, make sure you use HTTPS. Also, I am not sure if > this is the one you read or not > -http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecur... > - but it has some useful info (and notes https at the bottom, pointing > to another useful thread as well). > > On Sep 7, 11:02 pm, harimack <[EMAIL PROTECTED]> wrote: > > > Hi All, > > > i am a new to Security, i am using GWT-RPC for login, i read the GWT > > LoginFAQ, and see that they are recommending using GWT-RPC for login, > > but my concern is, how secure is GWT-RPC over the wire, if some one is > > sniffing, is the data protected over the wire ?. Can you please let me > > know how would you approach login if you were using GWT-RPC. > > > thanks for the help > > Hari --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
