You are right, but when you use 3rd-party code or develop a large application, you can't ensure that you have no such security problem. I'm interested in finding these (and other) security holes in GWT applications. Current security scanners that work with other web applications fail in inspecting GWT applications.

On 29 Sep., 13:02, mP <[email protected]> wrote:
> Hiho
>
> SQL injection is only a problem if you write crap code on the server
> that builds SQL queries as a String rather than a Statement with
> parameters that one sets. This problem exists for all kinds of web
> apps if you do the wrong thing and not GWT exclusively. XSS is also
> caused by writing and not escaping Strings that one has previously
> received from a user. For example they post a string with some
> JavaScript embedded inside which the app writes straight back and is
> executed by the browser. Do the right thing and the problem
> disappears...
>
> tya
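
Added example, not part of the original thread or of GWT: the two mistakes described in the quoted message (SQL built as a string, user text written back unescaped), each beside its corrected form. It uses Python's standard `sqlite3` and `html` modules so it runs offline; the table, function names and inputs are constructed for illustration, and the parameterised query plays the role of the "Statement with parameters" the message refers to.

```python
import html
import sqlite3

# Constructed sample inputs: values a user could submit through a form.
CRAFTED_NAME = "x' OR '1'='1"
CRAFTED_COMMENT = "<script>alert(1)</script>"


def make_db():
    """In-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


def lookup_string_built(db, name):
    # 'Before': the input becomes part of the SQL text, so quotes in it
    # change the structure of the WHERE clause.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterised(db, name):
    # 'After': the SQL text is fixed; the input is bound as a value only.
    return db.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)).fetchall()


def render_unescaped(comment):
    # 'Before': markup in the input is written straight back to the page.
    return "<p>" + comment + "</p>"


def render_escaped(comment):
    # 'After': <, >, & and quotes become entities and display as text.
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print("string-built :", lookup_string_built(db, CRAFTED_NAME))
    print("parameterised:", lookup_parameterised(db, CRAFTED_NAME))
    print("unescaped    :", render_unescaped(CRAFTED_COMMENT))
    print("escaped      :", render_escaped(CRAFTED_COMMENT))
```

Both lookups return the same single row for an ordinary name such as `alice`, which is why the string-built version passes functional testing and needs a review or test that exercises quote characters.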
