I don't think that'll do much. Per Stefan's Rule 1, anything the client
stores can be read. If GWT encrypted stuff on the client, a hacker could
find out how to invoke the de-encrypt() method pretty quickly.

Related security question: since all apps that use GWT-RPC store data in the
same way, does that make GWT apps even less safe than plain old ajax apps?
Suppose a user is running 5 GWT-written apps simultaneously. Seems that one
script could swipe user data from all the browser tabs at once, if it knows
where to look for GWT-serialized objects. Think that's a valid concern?

On Wed, Oct 13, 2010 at 10:29 AM, JuDaC <judac2...@gmail.com> wrote:

>
> Do you mean you want GWT to encrypt the object that is stored in
> memory, before it's sent over RPC?
> - yes, before sending the object or parameters over RPC, it obfuscates
> it.
>
> I'm creating ways to avoid as many attacks as I know or the literature
> mentions. Here, the point is that I was wondering if GWT does not offer
> something to make sure each request is really unique, avoiding for
> example multiple requests of the same one (i.e. by tagging the
> package).
>
> I checked AcrIS, but it's not for the same purpose.
>
> The idea was to exchange XP on GWT security, because I might be creating
> things that the community offers.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to google-web-tool...@googlegroups.com.
> To unsubscribe from this group, send email to
> google-web-toolkit+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
>

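The request tagging asked about in the quoted message, enforced on the server because, as the reply notes, anything the client stores can be read. This is an added example, not part of the thread and not a GWT API; `RequestTagGuard`, its methods and the session ids are hypothetical, and the server is assumed to hand out a tag before each RPC call.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper, not a GWT class: single-use request tags kept on the server.
public class RequestTagGuard {
    private static final class Entry {
        final String sessionId; final long expiresAt;
        Entry(String sessionId, long expiresAt) { this.sessionId = sessionId; this.expiresAt = expiresAt; }
    }

    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Entry> issued = new ConcurrentHashMap<>();
    private final long ttlMillis;

    public RequestTagGuard(long ttlMillis) { this.ttlMillis = ttlMillis; }

    // Issue an unpredictable tag bound to one session; validity is decided only here.
    public String issue(String sessionId, long now) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String tag = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issued.put(tag, new Entry(sessionId, now + ttlMillis));
        return tag;
    }

    // remove() is atomic, so two concurrent copies of one request cannot both pass.
    public boolean consume(String sessionId, String tag, long now) {
        if (sessionId == null || tag == null) return false;
        Entry e = issued.remove(tag);
        return e != null && sessionId.equals(e.sessionId) && now <= e.expiresAt;
    }

    // Call periodically so tags that were never used do not accumulate.
    public void purgeExpired(long now) {
        issued.values().removeIf(e -> e.expiresAt < now);
    }

    public static void main(String[] args) {
        RequestTagGuard guard = new RequestTagGuard(30_000);
        String tag = guard.issue("session-A", 0); // constructed sample values
        System.out.println("first use:     " + guard.consume("session-A", tag, 1_000));
        System.out.println("replay:        " + guard.consume("session-A", tag, 2_000));
        String other = guard.issue("session-A", 0);
        System.out.println("wrong session: " + guard.consume("session-B", other, 1_000));
        String stale = guard.issue("session-A", 0);
        System.out.println("expired:       " + guard.consume("session-A", stale, 60_000));
    }
}
```

The tag carries no secret the client has to protect: reading it out of the browser gains nothing once the server has consumed it.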