On 28 oct, 18:34, gwtfanb0y <[email protected]> wrote:
> I would say that every Web Application which has its security only
> inside the Frontend (Browser) is per default insecure.
> If an evil person is smart, he can manipulate the JavaScript and make
> invisible forms visible, submit not verified data
> and can change the current userid & password when stored inside the
> client.

Oh, sure, if the attacker has direct access to the user's computer, he
can do many things to compromise it. Otherwise, he'll be blocked by
the "same origin policy", which is way more secure than cookies!

And GWT tries to not have things in the "global scope"; so even if you
stored username+password in "GWT variables", they wouldn't be
accessible from script other than your GWT application.
