hello all: I'm using GWT 2.3 requestfactory+ GAE 1.5 user authentication for my app, it only allows authenticated people to access, implemented as below: if the user has not login to Google, redirect him the Google login screen. if yes, check if he has the right to access. if yes display the web UI to user. or display error screen.
My question is: 1. Do i have to check every gwtrequest to ensure the security? i mean, use a filter to check every gwtrequest to see if the user has the right to access. if so, the application is more secure but have to process much more extra payloads. 2. If i just use the login authentication but does not check every gwt requests after that, is there risk that un-authorized people may be able to access my app? Does requestfactory automatically have ways to protected this? Thanks. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/h0Nx1ecMf2sJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
