On Tuesday, March 22, 2016 at 12:56:06 PM UTC+1, Shrivathsa Bhat wrote:
>
> Hello All, I've heard it is possible to enumerate all available methods in
> client side. Below are some links about this:
>
> https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset
>
> https://blog.gdssecurity.c
Client side is insecure by definition as you can not control what will be
done with the downloaded Javascript code.
If you have implemented authentication and authorization correctly in your
server side GWT-RPC methods then its not an issue.
-- J.
--
You received this message because you are
Hello All, I've heard it is possible to enumerate all available methods in
client side. Below are some links about this:
https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset
https://blog.gdssecurity.com/labs/2010/7/20/gwtenum-enumerating-gwt-rpc-method-calls.html
My question is, is it