Send in Arabic

2010/9/1, Gerhard Davids <[email protected]>:
> Well said Chris,
>
> And as Chris mentioned: XSS is a big problem.
>
> Make sure to spend time to create XSS safe methods for UI objects
> especially those that are bound to data from user input.
> Pure Java problems like the one you mentioned don't hold water on the
> web client.
> Just for the sake of completeness GWT is compiled to JS only and makes
> use of HTML. No Java is run on the client.
>
> On Sep 1, 6:30 am, Chris Conroy <[email protected]> wrote:
>> The PasswordTextBox results in an <input type='password'> element on the
>> page which is handled by the browser in the same way as all other such
>> password boxes.
>>
>> And, to be a bit pedantic... If you assume an attacker has access to the
>> address space of your program, then what would stop him from reading said
>> characters at the time of password entry? The security issues you should
>> be worried about are things like cross-site scripting attacks.
>>
>> On Tue, Aug 31, 2010 at 4:24 PM, drtman <[email protected]> wrote:
>> > According to at least one source, passwords should not be stored as
>> > strings in Java since they are immutable and could be readable from
>> > memory later even if the reference is nulled. So I was wondering how
>> > PasswordTextBox maintains its value under the hood? I know that
>> > getText() returns a string but is it coming from an instance variable
>> > maintained on the class? If so I was thinking of writing my own class
>> > that uses a keypress event handler to maintain a char array which is
>> > more secure since it can be nulled out.
>> >
>> > Just curious what anyone else's thoughts are on this.
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Google Web Toolkit" group.
>> > To post to this group, send email to [email protected].
>> > To unsubscribe from this group, send email to [email protected].
>> > For more options, visit this group at
>> > http://groups.google.com/group/google-web-toolkit?hl=en.
>>
>> --
>> Chris Conroy
>> Software Engineer
>> Google, Atlanta
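The advice quoted in this thread, to build XSS-safe methods for UI objects bound to user input, can be sketched in the JavaScript that GWT code ultimately becomes. This is an added example, not code from the thread or from GWT: `escapeHtml`, `SafeHtml`, `html`, `setWidgetHtml` and `renderComment` are hypothetical names, and a plain object stands in for a DOM element so the block runs outside a browser.

```javascript
// Added example; every name here is hypothetical and not part of GWT.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the characters that can change parsing context in HTML text
// and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Marker type: markup that came out of the html`` template below,
// never straight from user input.
class SafeHtml {
  constructor(markup) { this.markup = markup; }
  toString() { return this.markup; }
}

// Tagged template: the literal parts are developer-written markup,
// every interpolated value is escaped unless it is already SafeHtml.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    const parts = Array.isArray(v) ? v : [v];
    out += parts.map((p) => (p instanceof SafeHtml ? p.markup : escapeHtml(p))).join("");
    out += strings[i + 1];
  });
  return new SafeHtml(out);
}

// The only path to an innerHTML-style sink: raw strings are rejected,
// so unescaped user data cannot reach the page by accident.
function setWidgetHtml(widget, content) {
  if (!(content instanceof SafeHtml)) {
    throw new TypeError("setWidgetHtml requires SafeHtml; build it with the html`` template");
  }
  widget.innerHTML = content.markup;
  return widget;
}

// A UI method bound to user-supplied data (name and comment are untrusted).
function renderComment(widget, userName, comment) {
  return setWidgetHtml(widget, html`<b title="${userName}">${userName}</b>: ${comment}`);
}
```

The type check in `setWidgetHtml` is what makes the helper safe by default: escaping happens at the one place where strings become markup, and callers cannot bypass it with a concatenated string.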
