First of all thank you both for helping.

What the article suggests (I read it twice, but without a big code
snippet I don't understand everything) is to:

- Make a login box (user and pass).
- Call the server with RPC. The server answers back with a boolean
(Valid or NotValid) and a SessionID.
- The client gets the two vars, and when it tries to do something in Admin
Mode (like uploading a file or something) it also sends that SessionID.
If it is still valid on the server, it goes well; otherwise it sends back an
error to the client.

The Admin area is still attached like Trevis said: with a
RootPanel.add(AdminArea) if the Callback got success.

So, the SessionID would prevent the fact that a malicious user could
reverse-eng the javascript code and use the admin area without any
permission, right?

If what I said is correct (or seems to be) then I'll try to write it
down and I'll let you know!

Nickelnext
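
The flow summarised in the post above, sketched as a server-side check. This is an added example, not code from the original message, the article it mentions, or GWT itself. The class and method names, the credentials and the 15-minute lifetime are all hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Server side only: every admin call re-checks the session ID (hypothetical names). */
public class AdminSessionDemo {
    private static final long TTL_MILLIS = 15 * 60 * 1000; // assumed session lifetime
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Long> expiryBySession = new ConcurrentHashMap<>();

    /** What the login RPC returns: the boolean and the session ID from the post. */
    public record LoginResult(boolean valid, String sessionId) {}

    public LoginResult login(String user, String pass, long now) {
        // Constructed credentials; a real server compares against a salted password hash.
        if (!"admin".equals(user) || !"correct-horse".equals(pass)) {
            return new LoginResult(false, null);
        }
        byte[] raw = new byte[32];
        random.nextBytes(raw); // 256 random bits, so the ID cannot be guessed
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        expiryBySession.put(id, now + TTL_MILLIS);
        return new LoginResult(true, id);
    }

    /** An admin operation. The decision is made here, never in the client's JavaScript. */
    public String uploadFile(String sessionId, String fileName, long now) {
        Long expiry = (sessionId == null) ? null : expiryBySession.get(sessionId);
        if (expiry == null || now >= expiry) {
            if (sessionId != null) expiryBySession.remove(sessionId); // drop stale entry
            throw new SecurityException("invalid or expired session");
        }
        return "stored " + fileName;
    }

    public static void main(String[] args) {
        AdminSessionDemo server = new AdminSessionDemo();
        long t0 = System.currentTimeMillis();
        LoginResult ok = server.login("admin", "correct-horse", t0);
        System.out.println(server.uploadFile(ok.sessionId(), "report.pdf", t0 + 1000));
        // A caller that skipped login, then the real ID after it has expired.
        String[][] attempts = {{"made-up-id", "1000"}, {ok.sessionId(), String.valueOf(TTL_MILLIS)}};
        for (String[] a : attempts) {
            try {
                server.uploadFile(a[0], "x.bin", t0 + Long.parseLong(a[1]));
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Attaching the admin panel with RootPanel.add only changes what the browser displays; the check inside uploadFile is what refuses a caller who never logged in.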