Hi all, I've seen this a problem (or best practice) that should be
addressed which relates with OWASP's GWT presentation where they sate
that:
Are the {HEX}.cache.html files accessible by unauthenticated users?
Is the login functionality implemented using GWT RPC?
If yes, the {HEX}.cache.html file will be leaking out information to
unauthenticated users!
How one should prevent the {HEX}.cache.html to be accessible by
unauthenticated users?
Best regards
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
