Excuse my illiteracy about gwt, I just started working on GWT last week. Yesterday I implemented my first rpc application and one thing makes me worried a little bit. I will compile and all the content will work on client and it will rpc server code without any authentication if I am not mistaken. So can anyone who figures out the url consume this service? If so, This is definitely not what I wanted, because I have to add rpc functionality to a pci compliant system which will break the requirements. I read the security article but I didn't see any references to this situation at all, so I thought maybe I am missing something it's not a problem but still not sure about it. Also without authentication and object validation system will be open to object injections. If I am right about my concerns, Can anybody give me a security model example?
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
