Re: Setting Up A Login Page To Use SSL
Nick, On Tuesday, May 24, 2011 11:56:57 PM UTC+2, Nick Apperley wrote: > > Max - With regards to point 1 I did consider it but it isn't feasible > to use SSL for the entire website when large amounts of data is being > sent to/from the server. Most of the data being received from the > server is in JSON format, which although it is less verbose than XML > it does include other pieces of data that hasn't been requested from > the website (client). > > All of the received data comes from a DB as row(s). If a row contains > a foreign key then the referred row (by the key) is automatically > included instead of the key in a JSON file. This is automatically done > by the server, no changes were made to do this. You can imagine just > how much data is included if there is more than one foreign key, and > this automatically scales up recursively if the included row also > contains a foreign key. I'm sorry, but how is this an argument against TLS, again? Cheers! Max -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Setting Up A Login Page To Use SSL
Max - With regards to point 1 I did consider it but it isn't feasible to use SSL for the entire website when large amounts of data is being sent to/from the server. Most of the data being received from the server is in JSON format, which although it is less verbose than XML it does include other pieces of data that hasn't been requested from the website (client). All of the received data comes from a DB as row(s). If a row contains a foreign key then the referred row (by the key) is automatically included instead of the key in a JSON file. This is automatically done by the server, no changes were made to do this. You can imagine just how much data is included if there is more than one foreign key, and this automatically scales up recursively if the included row also contains a foreign key. > 1. Have you considered using TLS/SSL for your complete application? Without > that a MITM would still be able to sniff the session cookie and act on > behalf of the user, sniff users' data, modify data on the way between server > and client and so on. > > 2. If you really really want to use TLS only for login purposes I recommend > you redirect users to a simple login page using https and after logging in > redirecting them back to the http version fo your app. > > HTH > Max -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Setting Up A Login Page To Use SSL
Nick, two points: 1. Have you considered using TLS/SSL for your complete application? Without that a MITM would still be able to sniff the session cookie and act on behalf of the user, sniff users' data, modify data on the way between server and client and so on. 2. If you really really want to use TLS only for login purposes I recommend you redirect users to a simple login page using https and after logging in redirecting them back to the http version fo your app. HTH Max -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Setting Up A Login Page To Use SSL
It appears as though a request is getting through to the server. Why does RequestBuilder only accept a single String for data with an HTTP request? There are 2 defined REST web services on the server that take one or more parameters (data). How do I send an HTTP POST that contains one or more parameters (data) with GWT? On May 24, 1:08 pm, Nick Apperley wrote: > When using CORS with GWT how will I know if an HTTP request is getting > through? In the client the RequestBuilder class is being used to send > an HTTP POST with the "Content-Type" header set to "text/plain". With > the testing of the client it doesn't appear as though anything is > occurring after the request is sent. Normally Firefox will display > something in the status bar when an HTTP request is being made. > > On May 23, 5:35 pm, Andi wrote: > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Setting Up A Login Page To Use SSL
When using CORS with GWT how will I know if an HTTP request is getting through? In the client the RequestBuilder class is being used to send an HTTP POST with the "Content-Type" header set to "text/plain". With the testing of the client it doesn't appear as though anything is occurring after the request is sent. Normally Firefox will display something in the status bar when an HTTP request is being made. On May 23, 5:35 pm, Andi wrote: > you can use cors (cross origin resource sharing). i think its cool, but with > that you will have a reduced browsersupport. > > andi > > (vom fon) > > On 23.05.2011, at 05:52, Nick Apperley wrote: > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Setting Up A Login Page To Use SSL
you can use cors (cross origin resource sharing). i think its cool, but with that you will have a reduced browsersupport. andi (vom fon) On 23.05.2011, at 05:52, Nick Apperley wrote: > How do I setup a login page to use SSL for the GWT client? I have been > looking around the web for a simple way to do this, but surprisingly > there is no guide available which contains some example code for doing > it. Currently I am trying to figure out how to get the client app to > communicate with the Glassfish (ver 3.1) server via REST over SSL for > logins/logouts only. > > With the debilitating SOP establishing communication between the > client and server has proven difficult enough to achieve via HTTP > (REST) with JSONP since only GETs can be done. Does the entire website > (client) have to use HTTPs if it is on the same server where the REST > web services reside? What steps need to be done on the server side > with Glassfish to enable SSL support that works with the client? > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to google-web-toolkit@googlegroups.com. > To unsubscribe from this group, send email to > google-web-toolkit+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
