Hi Vincent, RequestFactory is not inherently any more or less secure that GWT RPC. With either approach, you should protect RPC calls for sensitive data with SSL and protect against XSRF attacks by sending a token with each request payload. For more info, see
http://code.google.com/webtoolkit/doc/latest/DevGuideSecurity.html http://groups.google.com/group/google-web-toolkit/browse_thread/thread/f0f74b0734f04a1c As for the second part of your question, you are correct. On the client side, RequestFactory works with proxy (interface) representations of entities. RequestFactory automatically converts between the proxy representation and the server-side entity when sending / receiving. /dmc On Sat, Jul 9, 2011 at 10:39 PM, Vincent François <vincentfrancois.pro@ gmail.com> wrote: > Is it correct to think that Request Factory is more secure that GWT RPC ? > > The client does not handle a entity (objectify entity) but handles a proxy. > Is it true ? Am I right ? > > -- Vincent > > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/google-web-toolkit/-/mWVdzvWclJQJ. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > -- David Chandler Developer Programs Engineer, GWT+GAE w: http://code.google.com/ b: http://turbomanage.wordpress.com/ b: http://googlewebtoolkit.blogspot.com/ t: @googledevtools -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
