Yeah I'm wondering whether I need to do a slight overhaul and make it an authenticating web service rather than JSONP requests.
The application won't be storing any important information but as users tend to use the same password for their web services it is an issue. On Mar 23, 11:47 am, Thomas Broyer <[email protected]> wrote: > On 23 mar, 00:42, eggsy <[email protected]> wrote: > > > Are there any other ways? > > > For example if I code a GWT form with username and password and pass > > the values through with the JSONP request as parameters (doing my own > > verification server side) I'm getting the feeling that this would be a > > bad way to do it? > > Yup; unless you make your request over SSL/TLS (HTTPS) (but even then, > it would be "bad looking") > > You can eventually use HTTP-level authentication (using HTTP Basic -- > which sends credentials in the clear, so should be used over SSL/TLS > only-- or HTTP Digest on your server's side), and use an URL such as: > http://user:[email protected]/my.module.nocache.js > > > Could people strip/sniff the parameters because they would be in plain > > text?? > > Over SSL/TLS, no; otherwise, yes. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
