On 13 Oct, 16:50, Brett Thomas <[email protected]> wrote:
> I don't think that'll do much. Per Stefan's Rule 1, anything the client
> stores can be read. If GWT encrypted stuff on the client, a hacker could
> find out how to invoke the de-encrypt() method pretty quickly.
>
> Related security question: since all apps that use GWT-RPC store data in the
> same way, does that make GWT apps even less safe than plain old ajax apps?
> Suppose a user is running 5 GWT-written apps simultaneously. Seems that one
> script could swipe user data from all the browser tabs at once, if it knows
> where to look for GWT-serialized objects. Think that's a valid concern?

Replace GWT-RPC with "JSON over XHR" and ask the question again. Think that's a valid concern?
