We have one deployment of a GWT app where there is a FortiWeb firewall that 
blocks every GWT RPC call because it recognizes every call as a Java Method 
Injection attack. This seems to be caused by the presence of the pattern 
"java.lang." in the messages from the client to the server like the 
following:

7|0|7|https://host/app/app_gui/|BD9331DABCA5012FC56F3600DF03415F|com.app.gui.client.Bridge|getClientConfiguration|java.lang.String/2004016611|john|ADMINISTRATOR|1|2|3|4|2|5|5|6|7|

My idea is to convince the firewall administrator that these are 
false positives, as these calls are part of the GWT RPC mechanism that does 
not allow arbitrary Java code execution on the server side.

Is my reasoning correct or am I not worried enough?

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-web-toolkit/2e3678f0-8846-4a5c-a113-746383473e07n%40googlegroups.com.

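Added example, not part of the original post: a decoder for the request quoted above that reports which field of the GWT-RPC call carries the "java.lang." pattern, which is the evidence a firewall administrator would need to scope an exception. The function names are hypothetical, and the code assumes the client-to-server layout of version, flags, string-table size, string table, then 1-based table references, with no escaped separators inside strings and one token per String argument.

```python
# SAMPLE is the request body quoted in the post.
SAMPLE = ("7|0|7|https://host/app/app_gui/|BD9331DABCA5012FC56F3600DF03415F|"
          "com.app.gui.client.Bridge|getClientConfiguration|"
          "java.lang.String/2004016611|john|ADMINISTRATOR|1|2|3|4|2|5|5|6|7|")

def parse_gwt_rpc(body):
    """Split a client-to-server GWT-RPC body into header, string table and call."""
    tokens = body.split("|")   # assumption: no escaped separators in strings
    if tokens[-1] == "":
        tokens.pop()           # the body ends with a separator
    version, flags, count = (int(t) for t in tokens[:3])
    table, data = tokens[3:3 + count], tokens[3 + count:]
    if len(table) != count or len(data) < 5:
        raise ValueError("truncated GWT-RPC body")

    def ref(tok):              # payload tokens are 1-based string-table indexes
        idx = int(tok)
        if not 1 <= idx <= count:
            raise ValueError(f"string table index {idx} out of range")
        return table[idx - 1]

    nparams = int(data[4])
    if len(data) < 5 + 2 * nparams:
        raise ValueError("fewer payload tokens than declared parameters")
    types = [ref(t) for t in data[5:5 + nparams]]
    raw = data[5 + nparams:5 + 2 * nparams]
    # Assumption: a String argument is a single table reference; other types
    # are left as raw tokens because their encoding is type-specific.
    args = [ref(v) if t.startswith("java.lang.String/") else v
            for t, v in zip(types, raw)]
    return {"version": version, "flags": flags, "module_base": ref(data[0]),
            "strong_name": ref(data[1]), "service": ref(data[2]),
            "method": ref(data[3]), "param_types": types, "args": args}

def java_lang_roles(call):
    """Name the fields of a decoded call that contain the 'java.lang.' pattern."""
    hits = set()
    for field in ("service", "method"):
        if "java.lang." in call[field]:
            hits.add(field)
    if any("java.lang." in t for t in call["param_types"]):
        hits.add("param_types")
    if any("java.lang." in str(a) for a in call["args"]):
        hits.add("args")
    return hits

if __name__ == "__main__":
    call = parse_gwt_rpc(SAMPLE)
    print(call["service"], call["method"], call["args"], java_lang_roles(call))
```

For the request in the post, the pattern appears only in the declared parameter types; a hit in `service`, `method` or `args` is what would deserve a closer look.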