Friday, February 26, 2016

Re: Reason for disabling Debug IDs in production?


1- The JavaScript download and processing of 'ensureDebugId()' is an unwanted overhead
2- when we set fixed dubug Id, someone can easily inject Unwanted script, which can make use of this ID. (Not sure who the injection will work though.)

Is there any other reason why we disable Debug Ids in production ?

No. Its mainly because of unneeded runtime overhead. Even your second reason is IMHO a bit exotic, because when someone can inject script into your app then you have a major security issue and these debug IDs are kind of irrelevant then.

-- J.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment