Hi,

I'm a beginner with GWT, and would need some advice about RPC & security of the data. What I'm doing is a basic 'login' feature.

I implemented the part with RPC in which the client asks the server if a user/password is valid. As an answer, the client receives an instance of my class SessionData which contains:

- userID: the user identifier
- isLoggedIn: a boolean true/false to tell if the user is currently logged in
- isAdmin: a boolean true/false to tell if the current user is an administrator
- etc...

That SessionData is then used by a lot of functions in my client code to check that the user is logged in or is an administrator. For example, an RPC service AddMessage(SessionData session, MessageData msg) will add a message in the DB on the server side, and identify the user through the SessionData.

My question is the following: is it a good practice to do it this way, and is it safe? Could some hacker succeed in modifying the value of isLoggedIn or isAdmin of a SessionData in the client, and access parts of the site they shouldn't?

Thanks a lot!

Bé-noix
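An added example, not part of the original post: the design described above, where the server reads isLoggedIn/isAdmin from a client-supplied SessionData, next to a variant that looks the user up in server-side session state. The class names other than SessionData, the admin-only operation, the in-memory session map and the sample session ID are assumptions made for illustration (requires Java 16+ for records).

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionTrustDemo {
    // DTO from the post: every field is set by whoever sends the RPC request.
    record SessionData(String userID, boolean isLoggedIn, boolean isAdmin) {}

    // Server-only record (hypothetical name); never built from request fields.
    record ServerSession(String userID, boolean isAdmin) {}

    // Stand-in for the servlet container's session store, keyed by an opaque
    // session ID. Inside a GWT RemoteServiceServlet the equivalent lookup is
    // getThreadLocalRequest().getSession(false).
    static final Map<String, ServerSession> SESSIONS = new ConcurrentHashMap<>();

    // Design from the post: the server believes the flags it is sent.
    static boolean adminActionTrustingClient(SessionData s) {
        return s.isLoggedIn() && s.isAdmin();
    }

    // Hardened variant: the request carries only the session ID and the
    // server decides identity and role from its own records.
    static boolean adminActionServerChecked(String sessionId) {
        ServerSession s = (sessionId == null) ? null : SESSIONS.get(sessionId);
        return s != null && s.isAdmin();
    }

    // Same idea for AddMessage: the author comes from the server-side
    // session, not from a userID field in the request.
    static String authorForMessage(String sessionId) {
        ServerSession s = (sessionId == null) ? null : SESSIONS.get(sessionId);
        if (s == null) throw new SecurityException("not logged in");
        return s.userID();
    }

    public static void main(String[] args) {
        // Constructed sample: a normal, non-admin user logged in on the server.
        SESSIONS.put("sid-constructed-1", new ServerSession("user42", false));

        // A modified client can put any values into the DTO it sends.
        SessionData fromClient = new SessionData("user42", true, true);

        System.out.println("trusting client DTO: " + adminActionTrustingClient(fromClient));
        System.out.println("server-side lookup:  " + adminActionServerChecked("sid-constructed-1"));
        System.out.println("unknown session ID:  " + adminActionServerChecked("sid-unknown"));
        System.out.println("message author:      " + authorForMessage("sid-constructed-1"));
    }
}
```

The client can still keep a SessionData copy to decide which widgets to show; the server-side lookup is what actually gates each RPC call.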
