Re: RequestBuilder, safely send data to server

2017-10-31 Thread Rencia Cloete
Hi Thomas, are the GWT methods XsrfProtectedService on client side and XsrfProtectedServiceServlet on server side still experimental? The GWT documentation has described CSRF protection in detail using them... Can I follow that? On Thursday, 2 March 2017 17:19:11 UTC+2, Thomas Broyer wrote: >

Re: RequestBuilder, safely send data to server

2017-03-03 Thread 'gitzzz' via GWT Users
Thank you, everyone, for helping me! On Thursday, 2 March 2017, 14:01:18 UTC+7, user gitzzz wrote: > > Hi! I use RequestBuilder for client-server communication. And I have some > questions: > > For example, we make an HTTP request to ".../get.php" (function(), select some > data from DB and

Re: RequestBuilder, safely send data to server

2017-03-02 Thread salk31
Indeed, you really can't trust the client code. You just send code that you would like the client to run. The client can do whatever it likes. If somebody was really attacking you they wouldn't even be using a browser. As ever it depends what you want to optimise for ;) I can see two main

Re: RequestBuilder, safely send data to server

2017-03-02 Thread 'gitzzz' via GWT Users
Thanks! I meant that I can't trust the client code. For example, we play poker, the server sent 3,4,5,6,8 combination. It's not a winning hand and I've decided to send my own data - 3,4,5,6,7. At this point we see that the server should check/validate sent data with incoming data. But is it

Re: RequestBuilder, safely send data to server

2017-03-02 Thread Thomas Broyer
On Thursday, March 2, 2017 at 8:01:18 AM UTC+1, gitzzz wrote: > > Hi! I use RequestBuilder for client-server communication. And I have some > questions: > > For example, we make an HTTP request to ".../get.php" (function(), select some > data from DB and send it back). Response is an

Re: RequestBuilder, safely send data to server

2017-03-02 Thread Chad Vincent
Seconded. One of the best bits of advice I ever got is, "if you have a validation on the client, re-validate on the server". The JSR validation makes it easy to be sure validation is consistent, but I've not tried it now that the validation is a library. On Thursday, March 2, 2017 at 5:27:59

Re: RequestBuilder, safely send data to server

2017-03-02 Thread salk31
Basically you can't trust the client or the client code... If that is what you mean? Unless all clients and network access are tied down by you (very rare) then you must not trust anything coming in... need to parse carefully, check permissions... On Thursday, March 2, 2017 at 7:01:18 AM UTC,

RequestBuilder, safely send data to server

2017-03-01 Thread 'gitzzz' via GWT Users
Hi! I use RequestBuilder for client-server communication. And I have some questions: For example, we make an HTTP request to ".../get.php" (function(), select some data from DB and send it back). Response is an array[1,2,3,4,5]. On client side onTheButtonClick we can change the data, the