Thanks for the comments. So, we are not able to implement this in current version of GWT?
On May 30, 10:13 pm, Mark Renouf <[email protected]> wrote: > Re: request signing > > At the GWT fireside chat at Google I/O, I asked about the possibility > of a per-request handler for the new RPCRequestBuilder coming in GWT2. > They mentioned it had been considered. > > With a user method invoked just before the request is sent, you could > easily implement GWT-RPC signature/authentication transparently and > protect the integrity of the entire request. MD5, SHA1 and event > HmacSHA1 work reasonably when ported to translatable Java source. I've > successfully performed authenticated Amazon S3 requests in this way, > straight from the browser. > > On May 30, 2:21 am, hazy1 <[email protected]> wrote: > > > If you are worried about replay attacks use a random token as part of > > each response/request pair. > > > On May 29, 11:09 pm, Deep Blue <[email protected]> wrote: > > > > Hi, > > > > Thanks all for the comments / opinions. > > > I agreed with Daniel and Jason that we shouldn't send any extra info. > > > to client and protect from server side. > > > > However, some of my clients are paranoid about the data is being > > > exposed to users as clear text and they are able to forge the request > > > to retrieve data from server. > > > This is just one step more protection, but should be effective in > > > prevent normal users from forging the request just by using plugin in > > > firefox. > > > > GWT has already obfuscated the javascript source code when compiling, > > > this is great. > > > I was thinking maybe we can take one step further to encrypt the data > > > (only for sensitive information rpc.) > > > > We will protect the data / request from server side, but to let > > > clients able to rest assure, I am just trying to look out any way we > > > can implement the encryption in GWT. > > > I know it sounds ridiculous, but sometimes clients are ridiculuous. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
