an authenticating web service rather than JSONP requests.
The application won't be storing any important information but as
users tend to use the same password for their web services it is an
issue.
On Mar 23, 11:47 am, Thomas Broyer <t.bro...@gmail.com> wrote:
> On 23 mar, 00:42, eggsy <jimbob...@hotmail.com> wrote:
>
> > Are there any other ways?
>
> > For example if I code a GWT form with username and password and pass
> > the values through with the JSONP request as parameters (doing my own
> > verification server side) I'm getting the feeling that this would be a
> > bad way to do it?
>
> Yup; unless you make your request over SSL/TLS (HTTPS) (but even then,
> it would be "bad looking")
>
> You can eventually use HTTP-level authentication (using HTTP Basic --
> which sends credentials in the clear, so should be used over SSL/TLS
> only-- or HTTP Digest on your server's side), and use an URL such as:
> http://user:p...@example.net/my.module.nocache.js
>
> > Could people strip/sniff the parameters because they would be in plain
> > text??
>
> Over SSL/TLS, no; otherwise, yes.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
To unsubscribe from this group, send email to Google-Web-Toolkit+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment