Hi, I am working on a project and want to connect a swing client to ofbiz.
I created a simple standalone client and was able to invoke userLogin service. I figured out that all services where auth=true, I have to pass the userLogin GV that was returned by userLogin service. I have a concern that if a client was able to get hold of userLogin GV probably by invoking getRelatedOne() sort of method, he would be able to invoke a service with that retrieved userLogin. In sum, my main concern is over security when it comes to connected with RMI. Secondly, I had a quick look on POS application and noticed that it is using GenericDelegator. My question is that if POS is a standalone application, how the derogator is accessible. Thank you Muhammed Aamir
