Thanks, I did some quick research, it seems SSL is not just an easy way to use, especially if you have one Tomcat hosting multiple site (this is the case here).
Ahmad On Feb 2, 12:07 pm, Alexander <[email protected]> wrote: > +1, just use SSL > > On 2 February 2010 15:51, Lothar Kimmeringer <[email protected]> wrote: > > > > > > > Ahmad Bdair schrieb: > > > > I am doing some login pages using GWT, and I want to send the > > > Username/ Password to server using RPC, I've been looking to secure > > > way to transfer it but I am not sure I found a specific answer > > > You can send the password in plain text using SSL. Another way would > > be to implement some challenge response system. The server sends a > > challenge (some random data) and the client encrypts this data > > using a cryptography key generated from the username/password- > > combination. > > > I haven't tried it out but the latter in Javascript doesn't sound > > very performant. Especially if SSL is another way secure enough > > and supported by all browsers where a web-application might run on, > > motivation to implement such a thing is quite low. > > > Regards, Lothar > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google Web Toolkit" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<google-web-toolkit%2Bunsubs > > [email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/google-web-toolkit?hl=en. > > -- > Regards, > Alexander -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
