Request Factory More Secure ?

[Vincent François]

Is it correct to think that Request Factory is more secure that GWT RPC ?

The client does not handle a entity (objectify entity) but handles a proxy. Is it true ? Am I right ?

-- Vincent

[David Chandler]

Hi Vincent,

RequestFactory is not inherently any more or less secure that GWT RPC. With either approach, you should protect RPC calls for sensitive data with SSL and protect against XSRF attacks by sending a token with each request payload. For more info, see

http://code.google.com/webtoolkit/doc/latest/DevGuideSecurity.html

http://groups.google.com/group/google-web-toolkit/browse_thread/thread/f0f74b0734f04a1c

As for the second part of your question, you are correct. On the client side, RequestFactory works with proxy (interface) representations of entities. RequestFactory automatically converts between the proxy representation and the server-side entity when sending / receiving.

/dmc

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/mWVdzvWclJQJ.
To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

--
David Chandler
Developer Programs Engineer, GWT+GAE
w: http://code.google.com/

b: http://turbomanage.wordpress.com/
b: http://googlewebtoolkit.blogspot.com/
t: @googledevtools

[Vincent François]

Tank's

Vincent