Hi all, I've seen this a problem (or best practice) that should be addressed which relates with OWASP's GWT presentation where they sate that:
Are the {HEX}.cache.html files accessible by unauthenticated users? Is the login functionality implemented using GWT RPC? If yes, the {HEX}.cache.html file will be leaking out information to unauthenticated users! How one should prevent the {HEX}.cache.html to be accessible by unauthenticated users? Best regards -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.