Sure Jeff, any web page can suffer this attack. For keylogger there a simple any to prevent the attack. so to screenlogger.
But for "men in the middle" attack? is there any way to prevent without doing something on client-side? I was thinking in create some info that is sensible to browser frame here the page is running, so this info is sent together on the request, this info is unique per request, and is sensible to information on the request. This along with the obfuscation provided by GWT, can offer a little more security to the server to identify that the request is from a real client and not from a phishing. but so far I can not think in something more reliable. Falcon, you are right. I can't prevent the user from seeing the information, but what I want is to prevent someone to hijack the session (by racking the user) and keep sending to the server repeatedly the same package, or worst changing some informations on the package. Can you imagine the problem that can it cause on the bank website? in this situation, is really important to ensure that the request that reaches the server where made by a real user. Even that plugging that some banks ask to install can't prevent you from this attack I mentioned. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
