I believe that's a problem with the web application. The attacker is calling the unprotected method HomepageService.getLocalHost() that returns a TrustHostModel with a hostname, password, port, user, userid,... I'm not a security expert, but I would never request a password from server.
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/6XoShhJSs8kJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
