Thanks for your reply, Walden. I would try to implement this solution and let you/forum know about my progress or any other doubts. I appreciate your help.

On Oct 1, 10:08 am, walden <[EMAIL PROTECTED]> wrote:
> In addition, note that it's relatively easy to mark-up a link or image
> for malicious inclusion in an unsuspecting page. Note also that these
> controls interact with the server through GET requests. So make sure
> you follow REST advice and make all your GET service routines "safe".
> No side effects for GETS, in other words.
>
> Walden
>
> On Oct 1, 1:03 pm, walden <[EMAIL PROTECTED]> wrote:
>
> > Yes, and those cross-site attacks depend on your server (and/or your
> > client) taking user input and blindly embedding it in the DOM, so that
> > the user can create links and buttons and images and the like on the
> > page you supposedly control. So don't do that, and then you can use
> > HTTP standards for authentication.
>
> > Walden
>
> > On Oct 1, 8:40 am, Lothar Kimmeringer <[EMAIL PROTECTED]> wrote:
>
> > > walden wrote:
>
> > > > However, I'm suggesting a simpler approach, one which I'm using on my
> > > > project, which is simply configuring your server to protect the
> > > > resources you want protected using HTTP Digest authentication.
> > > > Depending on what your server is, find the documentation on
> > > > configuring that. There's not a whole lot more to it.
>
> > > HTTP Digest authentication has the same problem as Session-IDs
> > > in Cookies. A browser automatically transfers the
> > > authentication-credentials for every request, so you're in danger
> > > of successful cross-site-attacks.
>
> > > Regards, Lothar
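
Added example, not part of the thread and not any poster's code: a small Python model of the two points discussed above, that Digest credentials ride along on every request and that GET routines must have no side effects. The `App` class, the `/items` routes and the per-user token check on state-changing requests are assumptions made for illustration; the token check goes one step beyond the thread's advice to cover cross-site POSTs as well.

```python
import hmac
import secrets


class App:
    """Hypothetical server model; items and routes are constructed sample data."""
    SAFE_METHODS = {"GET", "HEAD"}

    def __init__(self):
        self.items = {7: "draft", 8: "report"}
        self.tokens = {}  # authenticated user -> anti-forgery token

    def issue_token(self, user):
        # Handed out in a same-origin response; another site cannot read it.
        self.tokens[user] = secrets.token_hex(16)
        return self.tokens[user]

    def handle(self, method, path, user, params=None, token=None):
        # `user` is set whenever the browser attached valid Digest credentials,
        # which it does automatically, even for requests another page triggered.
        if user is None:
            return 401
        if path == "/items" and method in self.SAFE_METHODS:
            return 200  # read-only listing: no side effects
        if path == "/items/delete":
            if method in self.SAFE_METHODS:
                return 405  # never change state on a GET
            expected = self.tokens.get(user, "")
            if not token or not hmac.compare_digest(expected, token):
                return 403  # credentials alone do not prove intent
            self.items.pop(int((params or {})["id"]), None)
            return 200
        return 404


def demo():
    app = App()
    token = app.issue_token("alice")
    args = ("/items/delete", "alice", {"id": "7"})
    results = [
        app.handle("GET", *args),          # embedded image/link: authenticated GET
        app.handle("POST", *args),         # cross-site form: authenticated, no token
        app.handle("POST", *args, token),  # the application's own page
    ]
    return results, sorted(app.items)


if __name__ == "__main__":
    print(demo())
```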
