Same cache file for all users

[Idan Pwc]

Hi all,

I'm just reviewing a app and I notice all the users in the app (all have different level of authorization) uses the same cache file, is that a problem? I'm a bit worried that if they have the same cache file they could deobfuscate the file and see function they shouldn't have access to.

Thank you

[Jens]

In web development, security is enforced on the server and not in the browser. Even if they would have different kind of cache files, an attacker could still "guess" URLs and download other files. Actually someone can simply login to your server and communicate with it without ever using your GWT app. Obfuscation in GWT is also only done to reduce code size and not so much to secure the source code.

If you want security, your server must check any incoming request (authentication and authorization).

-- J.