On Sep 10, 9:56 pm, Sri <sripathikrish...@gmail.com> wrote:
> If you have built your site correctly, a malicious browser cannot harm
> your site.
>
Vacuously true. In practice there are huge problems if you can't
trust your browser, which you can't.
Lets construct a simple example. Suppose I have a web site with a
user database, and you want
to get the list of user email addresses so you can spam them. If
there were a simple RPC somewhere
in the interface where the client supplied a user name, and the client
responds with an email address,
you could use this RPC to convert a list of users into a list of email
addresses.
Effectively, every RPC becomes a new place where the user gets to type
nonsense. Sure, it's possible
to be super paranoid about the contents of every incoming call, but
it's not a very natural programming
style, and not especually supported or encouraged by GWT. In fact,
GWT encourages the opposite; to
treat RPC transactions as the same as function calls within a closed
program.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---
