Shared mode ? What is that ? On 5 Iul, 04:16, Thomas Broyer <[email protected]> wrote: > On 3 juil, 06:59, ytrewqsm <[email protected]> wrote: > > > I read this on with several ocassions while reading about GWT. > > > Now can anyone clear this for me ? > > > 1)What this means that on server side is recommended not to use > > servlet session ? > > To keep things simple: yes. > > > 2)How can i secure the application if the client only has state and > > server is stateless ? > > I don't understand... Read about "REST", it says it all. > > > 3)BTW Each time i pass credential on method calls ? Is that not > > something insecure ? > > How would you do it otherwise? > Having a stateless server doesn't mean you have to send username/ > password on each request; you could very well establish a first > handcheck and then send an auth ticket on each call. I'd say that for > this handcheck you *could* use a servlet session (that would be the > only exception when you could use one), though I wouldn't recommend it > security-wise (search for CSRF, > e.g.http://www.adambarth.com/papers/2008/barth-jackson-mitchell-b.pdf > ) > > > 4)How can those be passed securely ? > > See above. > > But in a few words, when one talks about a stateless server, one > generally don't talks about authentication, as this requires some sort > of "shared state" to make it secure.
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
