Hi Stefan,

I'm not sure I understand your point.

Say we have api.site.com, with the back-end written in a non-Java tech, which offers REST APIs over SSL such as

POST login
Body: data username, password
Response: auth token

GET tweets
header: auth token
Body: none
Response: tweets

api.site.com will return on all headers
Access-Control-Allow-Origin: *
so that the UI can be served from ui.com but still access the APIs (same origin policy). There won't be anything else on api.site.com besides stateless APIs (no cookies, no html files). [Is this secure?]

User navigates to ui.com. The UI gets username & password, passes it to api.site.com, then it will store auth token and use it on all further requests (same as a cookie stores session id on other systems).

How is this less secure than GWT-RPC approach?

On Aug 11, 10:23 am, Stefan Bachert <[email protected]> wrote:
> Hi marius,
>
> using REST, SOAP, JSON directly from the browser client is always
> insecure.
> This is because the browser client has to know the credentials.
> Either these services are not protected at all, or your credentials
> are likely to be stolen.
>
> When you need a minimum of security and privacy, your gui browser
> client should only talk via GWT-RPC to a GWT-server under your
> control which gathers all data from REST, SOAP or JSON services.
>
> Stefan Bachert
> http://gwtworld.de
>
> On 10 Aug., 04:27, "marius.andreiana" <[email protected]>
> wrote:
>
> > Hi,
> >
> > We're working on a large project, which has the back-end written in
> > a non-Java technology, with REST APIs. We're looking for a framework
> > to replace the current UI.
> >
> > I did a brief analysis of using
> > GWT: https://docs.google.com/document/edit?id=16rQknO-r3ZqfMbuIl0R52OnFcWB...
> >
> > I'm looking to get this group's feedback before I present my findings
> > to the team. What do you think?
> >
> > Thanks,
> > Marius
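
The browser's CORS checks for the API design described in the message above, as an added example that is not part of the original thread. It models only GET/POST requests; the header name `X-Auth-Token`, the form-encoded login body and the sample token are assumptions, since the message gives no wire format.

```javascript
// Added example: simplified model of the browser's CORS checks (GET/POST only),
// not a full Fetch-spec implementation. X-Auth-Token is an assumed header name.
const SAFELISTED = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Request headers that force a preflight and must be approved by the server.
function headersNeedingApproval(req) {
  return Object.entries(req.headers)
    .map(([name, value]) => [name.toLowerCase(), String(value)])
    .filter(([name, value]) => !SAFELISTED.has(name) ||
      (name === "content-type" && !SIMPLE_TYPES.has(value.split(";")[0].trim().toLowerCase())))
    .map(([name]) => name);
}

// Access-Control-Allow-Origin check; "*" never matches a credentialed request.
function originAllowed(req, resHeaders) {
  const acao = resHeaders["access-control-allow-origin"];
  if (req.withCredentials) {
    return acao === req.origin && resHeaders["access-control-allow-credentials"] === "true";
  }
  return acao === "*" || acao === req.origin;
}

// Returns "allowed" or the reason the browser withholds the response from the page.
function corsDecision(req, preflightHeaders, responseHeaders) {
  const pending = headersNeedingApproval(req);
  if (pending.length > 0) {
    if (!preflightHeaders || !originAllowed(req, preflightHeaders)) return "blocked: preflight origin";
    const allow = (preflightHeaders["access-control-allow-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase());
    // "*" covers any header except Authorization, and only without credentials.
    const wildcard = allow.includes("*") && !req.withCredentials;
    const missing = pending.filter((h) => !allow.includes(h) && !(wildcard && h !== "authorization"));
    if (missing.length > 0) return "blocked: header not allowed: " + missing.join(", ");
  }
  return originAllowed(req, responseHeaders) ? "allowed" : "blocked: response origin";
}

// Constructed sample data for the design in the thread.
const wildcardOnly = { "access-control-allow-origin": "*" };
const withAllowHeaders = { ...wildcardOnly, "access-control-allow-headers": "X-Auth-Token" };
const login = { origin: "https://ui.com", method: "POST", withCredentials: false,
  headers: { "Content-Type": "application/x-www-form-urlencoded" } };
const tweets = { origin: "https://ui.com", method: "GET", withCredentials: false,
  headers: { "X-Auth-Token": "constructed-token" } };
console.log(corsDecision(login, null, wildcardOnly));
console.log(corsDecision(tweets, wildcardOnly, wildcardOnly));
console.log(corsDecision(tweets, withAllowHeaders, withAllowHeaders));
```

With `Access-Control-Allow-Origin: *` alone the token-bearing GET is stopped at the preflight until the server also lists the header in `Access-Control-Allow-Headers`, and the same wildcard response is refused for any request sent with cookies or other browser credentials.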
