Hey everyone, and thanks again for the help.
You have all given me lots of advice on security, which is something I
don't have much experience with, so it's greatly appreciated. I am securing
my server-side calls at the moment, and decided that as there will be only
one or two admin users, it

Hi guys, and thanks for the answers.
So it seems the answers you have given are two-fold. I hadn't really got to
thinking about securing the server yet as I am just building a prototype
and still learning as I go. However, now seems as good a time as any to
secure the RPC calls. Would

what you are about to implement is something bigger than a simplified logic
of admin/not-admin user, but rather privileged/unprivileged. Therefore in
many cases like using CAPTCHA (robot defense), that's a matter of your
taste as a web-designer to call the server for serialized UI elements, or
http://code.google.com/p/google-web-toolkit/wiki/CodeSplitting
have a look at code splitting for not downloading something the user does
not need!

If the difference between the download size of your UI for admins
versus regular users is large then you may want to consider splitting
the UI as suggested elsewhere in this thread. You will have to decide
if this is worth the effort in your case. My understanding of the
client side of GAE

Agreed, server side access checks must always be there.

public String getAuditLogDetail(int id) throws MyException {
    HttpSession sess = getThreadLocalRequest().getSession();
    validSession(sess);
    if (hasAdminAccess(sess)) {
        LocalDbWrapper ldb;
        try {
            ldb =

Hey coders,
I'm building an app at the moment that will have regular users and
administrators. The part I am building atm is an intranet-like section that
allows the admins to upload files to the blobstore (also using app engine),
so that users can download them.
I have been using MVP with