On Wed, Jan 21, 2009 at 23:47, adambossy <[email protected]> wrote:
> > What is the big advantage of using GWT RPC over Request Builder > [http://code.google.com/docreader/#p=google-web-toolkit- > doc-1-5&s=google-web-toolkit-doc-1-5&t=GettingStartedJSON<http://code.google.com/docreader/#p=google-web-toolkit-doc-1-5&s=google-web-toolkit-doc-1-5&t=GettingStartedJSON>] > or simply > JSON via HTTP [http://code.google.com/docreader/#p=google-web-toolkit- > doc-1-5&s=google-web-toolkit-doc-1-5&t=GettingStartedJSON<http://code.google.com/docreader/#p=google-web-toolkit-doc-1-5&s=google-web-toolkit-doc-1-5&t=GettingStartedJSON>]? > I'm > generating all the code anyways, so why not generating something > simpler than RPC? > None, really. JSON over HTTP is probably your best bet here. There's already magic JSON libraries for Python object graphs. And if you can generate the JavaScriptOverlay objects for use in Java, then you have pretty much what you need. GWT RPC has some protections against XSRF type attacks, like prefixing the response with "//" so browsers won't execute it if obtained via a <script> inclusion tag. It also uses HTTP POST by default to reduce the chances a <script> tag can invoke the RPC, and it embeds an extra HTTP header that makes it harder for <script> tags to initiate a call that might modify data on the server. But its still not prefect as GWT RPCs can still be spoofed via standard AJAX calls. You'll want to do some research on current XSRF protection techniques and implement them in your application. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
