This seems to me just a flame about what the word 'security' exactly is :) acris-security is about bridging client and server, using server's authentication and authorization methods to add another layer for potencial "attacker" to skip (for common users what is not visible or editable is also not going to be broken). If you don't secure either you are opening another hole which could be used to break in. In GWT there is currently no way known to me how to bridge it, if there is we will welcome any constructive suggestions/contributions on how to improve/integrate/provide better ways for end users to be securely-comfortable with using GWT applications. It is clear to us that there is no effort without mistakes/bugs so we are open to any suggestions how to improve "security" as such both for developers and users.
On 11. Aug, 16:33 h., Peter Simun <[email protected]> wrote: > Hi Stefan, > > of course, client side code could never be secured! AcrIS security > fully depends also on securing the RPC services (on the server side, > client side security is an complementary security - some kind of nice > to have security) > The goal is: if the user does not have rights to see some parts of the > screens, it won't be displayed. If the user is not able to modify the > data, he will see the readonly components. > Anyway, server side security is also checking if the user is able to > execute methods or if he is able to modify/see data he are reguesting. > > This coupled approached gives you completly secured solution for GWT > applications. > > Peter > > On 11. Aug, 16:07 h., Stefan Bachert <[email protected]> wrote: > > > Hi Peter, > > > I had just a glance at acris. > > Acris is talking about a client side part. > > > No mechanism which depends on client side code could be secure! > > > So I would suspect acris to be a misconsception. > > At the moment I do not spend time to exactly find out what is wrong > > with acris. > > > Stefan Bacherthttp://gwtworld.de > > > On 11 Aug., 15:47, Peter Simun <[email protected]> wrote: > > > > Luis, why do you think that there is no security there? > > > > Please, read the article again and carefully, or go on the wiki > > > pages:http://code.google.com/p/acris/wiki/Security > > > > Peter > > > > On 11. Aug, 14:04 h., Luis Daniel Mesa Velasquez > > > > <[email protected]> wrote: > > > > I don't see anything about the encryption used in the RPC call to the > > > > userservice... so it's just a fancy 3rd party RPC call, no security > > > > there... > > > > > On Aug 10, 3:20 am, Peter Simun <[email protected]> wrote: > > > > > > Hi all, > > > > > > I just wanted to share with you the article about security in GWT > > > > > application.http://java.dzone.com/articles/securing-gwt-client-acris > > > > > > Serious security implementation is something that was missing almost > > > > > to each GWT developer. I saw many topics here in the forum about the > > > > > security, so maybe it will helps you to implement security in a > > > > > correct way. > > > > > > Peter -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
