Thanks, Mark.
On Jun 2, 7:40 am, Mark Renouf mark.ren...@gmail.com wrote:
Not without modifications to the RPC subsystem. code generators and
API.
There is a Wiki doc on the proposed design:
http://code.google.com/p/google-web-toolkit/wiki/RpcAuth
On Jun 1, 5:46 am, Deep Blue
Thanks for the comments.
So, we are not able to implement this in current version of GWT?
On May 30, 10:13 pm, Mark Renouf mark.ren...@gmail.com wrote:
Re: request signing
At the GWT fireside chat at Google I/O, I asked about the possibility
of a per-request handler for the new
Not without modifications to the RPC subsystem. code generators and
API.
There is a Wiki doc on the proposed design:
http://code.google.com/p/google-web-toolkit/wiki/RpcAuth
On Jun 1, 5:46 am, Deep Blue deep.blue...@gmail.com wrote:
Thanks for the comments.
So, we are not able to implement
If you are worried about replay attacks use a random token as part of
each response/request pair.
On May 29, 11:09 pm, Deep Blue deep.blue...@gmail.com wrote:
Hi,
Thanks all for the comments / opinions.
I agreed with Daniel and Jason that we shouldn't send any extra info.
to client and
Hi all,
Is it possible to create an encyption / decryption layer around GWT
rpc mechanism?
The problem is currently in GWT rpc, all the data are sent / received
from server in JSON text (although SSL can help protect middle-man
attack, but launching firefox with firebug can see all the post
On Fri, May 29, 2009 at 3:29 AM, Deep Blue deep.blue...@gmail.com wrote:
Hi all,
Is it possible to create an encyption / decryption layer around GWT
rpc mechanism?
The problem is currently in GWT rpc, all the data are sent / received
from server in JSON text (although SSL can help protect
You cannot keep data encrypted on the client if you expect to allow
the client to use it. Anything that you want to protect from the user
should never leave the server.
for instance DVD and HD-DVD and BlueRay all attempt to keep their
formats encrypted from the user, but the user is
On Fri, May 29, 2009 at 10:56 AM, Jason Essington
jason.essing...@gmail.com wrote:
simply use HTTPS and protect the data while in transit, and don't send
anything to the client that you don't want the client to have access to.
-jason
On that note, use lightweight display models (not your
Hi,
Thanks all for the comments / opinions.
I agreed with Daniel and Jason that we shouldn't send any extra info.
to client and protect from server side.
However, some of my clients are paranoid about the data is being
exposed to users as clear text and they are able to forge the request
to
You may be interested in data signing not encryption.
On Sat, May 30, 2009 at 5:09 AM, Deep Blue deep.blue...@gmail.com wrote:
Hi,
Thanks all for the comments / opinions.
I agreed with Daniel and Jason that we shouldn't send any extra info.
to client and protect from server side.
10 matches
Mail list logo
