What about SOP, I mean if you use https on the login page then how to proceed to the other pages after login ? I mean after login all the other pages would have to be on https right ?
or am I missing something ? - Abdullah On Tue, Feb 2, 2010 at 3:21 PM, Lothar Kimmeringer <[email protected]>wrote: > Ahmad Bdair schrieb: > > > I am doing some login pages using GWT, and I want to send the > > Username/ Password to server using RPC, I've been looking to secure > > way to transfer it but I am not sure I found a specific answer > > You can send the password in plain text using SSL. Another way would > be to implement some challenge response system. The server sends a > challenge (some random data) and the client encrypts this data > using a cryptography key generated from the username/password- > combination. > > I haven't tried it out but the latter in Javascript doesn't sound > very performant. Especially if SSL is another way secure enough > and supported by all browsers where a web-application might run on, > motivation to implement such a thing is quite low. > > > Regards, Lothar > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-web-toolkit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
