Hi, The client side (browser) will NEVER be secure. Any attacker (at the clever ones) could replace the browser by a software which allows ANYTHING.
RULE 1: Anything you send to the client is readable on the client computer. No way to hide sended data! RULE 2: Anything a client send to your server might by manipulated. Never be sure that you client program is still in place. In client-server you NEVER-EVER have a totally trusted environment. This would only be possible on TC trusted computers but with other problems (a trusted computer is NOT save to be a spy for someone else) Security is alway limited Stefan Bachert http://gwtworld.de On 13 Okt., 15:29, JuDaC <[email protected]> wrote: > hi Folks!!! > > I'm having a serious problem with security using RPC. I'm using > HTTPS (through SSL), but unfortunately the attacker was able to get > the RPC request in text plain easily. The same scenario as using > firebug on FF. The attacker intercept the packages before it reaches > the SSL layer. If you had used firebug, it just like that. > > I would like to know if there is a way to inform GWT to encrypt RPC > request automatically or if I must do it by myself. > > I do not want to prevent the attacker to get the package (that is > impossible) but I want to not allow him to easily read the info on the > package. > > Tks. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
