Just make sure that your server applies controls over who can read/write what data. You have absolute control over the server, so you can maintain appropriate security there. Then it doesn't matter so much from a security standpoint whether the client is capable of displaying inappropriate widgets (since it can only get data it's allowed to see anyway).
You probably should use code splitting so that users don't have to load code into the client that they're not allowed to use, but that's for efficiency rather than security reasons. HTH Paul KaiWeing wrote: > Hello, > > we are evaluating GWT as a basis for different kinds of enterprise > applications we have here. Some of those have controls which must only > be displayed for users in a certain role, also, the decision which > controls to display must be made at serverside, to avoid clientside > manipulation. > > How can I implement such a requirement securely in GWT? > > Should this be solved via deferred binding (that would require that > deferred binding could take the server-state into account)? > > Is there a pattern for this in GWT or any extension library? > > Thanks very much for your feedback! > > Kai > > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
