Wednesday, October 30, 2013

Re: Under GWT Architecture, Should we validate InputData at Client Side or Server Side?

I use "public static EventBus eventBus = GWT.create(SimpleEventBus.class);" in client.Utility, so it said liek "eventBus can not be used in Server or somethings like that"

On Thursday, October 31, 2013 12:44:19 AM UTC+11, stuckagain wrote:
You have to make sure that the validation code is in a shared location so that GWT compilation can find it and that the server code can use the class file.
 
What is the error you are seeing ?
 


On Wed, Oct 30, 2013 at 2:09 PM, Tom <Henr...@gmail.com> wrote:
How can Server & Client share the same Validation code in GWT?

I am using GWTP platform & when i am in a Server Class (ex: my.com.server.PostDataHandler) & then try to use my.com.client.Utility class from client, then I got an error.


On Wednesday, October 30, 2013 11:23:00 PM UTC+11, stuckagain wrote:
Sometimes customers try to hack your system by changing the GET/POST data to circumvent checks done in the client.
A Server should never trust that the client can be trusted.
 
The big advantage of GWT is that you can reuse the same code to perform validation on the serverside.
 


On Wed, Oct 30, 2013 at 11:52 AM, Jens <jens.ne...@gmail.com> wrote:
If you don't use SSL then data can always be altered during transfer. 

If you use SSL then there is still a very small chance for men in the middle attacks but something serious must go wrong to make them happen. For example the client must accept a fake certificate for your domain, or your SSL key must be stolen, or the CA root certificate that signed your certificate must be attacked, or the OpenSSL implementation has a bug...

So if you must validate data before it is stored in the database you should validate it on the server and not trust any client. Also keep in mind that data coming from the client could cause SQL injection on your server if you don't validate the data at all and you use it to build a DB query.

Client validation can be useful to avoid server requests though.

-- J.

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-we...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-we...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/groups/opt_out.

No comments:

Post a Comment