I could be wrong, but I have the impression that frameworks like GWT makes security a lot easier since there are less server roundtrips needed so less attack vectors. Every servlet we write is a potential target for hackers. The only thing of course is that you need to be smart enough that the security is not implemented in the client GUI code like some like to do.
On Wed, Nov 6, 2013 at 1:51 PM, Andreas Horst <horst.andreas82@gmail.com> wrote:
I'd say it's even more than "a bit silly" because as one can see Vaadin, which is based on GWT, is not that insecure. It seems to me like the author just entirely omitted the fact that - of course - one can apply all security mechanisms current containers provide on the server side with GWT as well! Just look at what is written in the "evaluation" of Vaadin: "...by declaring security constraints in the deployment descriptor...". AFAIK, this has nothing to do with the applied (front end) framework.2013/11/6 salk31 <salk31@gmail.com>http://zeroturnaround.com/rebellabs/the-2014-decision-makers-guide-to-java-web-frameworks/3/--
Apparently GWT is insecure because it uses JavaScript. Am I reading this wrong or is it a bit silly?
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/groups/opt_out.--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/groups/opt_out.
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment