Very good point!!! If everybody does the same way is the same thing that do nothing, here we could try using keys. but the thing is that what Stefan said breaks everything, always. The server should control requests.
but how identify the uniqueness of a request not trusting on the client-side? when the request is real by the client and when it's provided by an fishing attacker? I can not think in nothing but put some tricks on the client itself. But doing that Stefan ruins everything.! :( -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
