Hi! I use RequestBuilder for client-server communication. And I have some questions:
For example we make http request to ".../get.php"(function(), select some data from DB and send it back). Response is an array[1,2,3,4,5]
On client side onTheButtonClick we can change the data, the new_array[1,3,6,8,9], and now we need to send this changes to DB. And onSaveButtonClick() we make http post request to ".../set.php" with parameters = new_array
The question is: does it safe? Is it possible that anybody authed user can make this call by creating JS script with http post request and send his own(fake) data?(e.g. fake_array[10,20,30,23,12]) without clicking a button. How can I send change data from client side to a server safely?
-- For example we make http request to ".../get.php"(function(), select some data from DB and send it back). Response is an array[1,2,3,4,5]
On client side onTheButtonClick we can change the data, the new_array[1,3,6,8,9], and now we need to send this changes to DB. And onSaveButtonClick() we make http post request to ".../set.php" with parameters = new_array
The question is: does it safe? Is it possible that anybody authed user can make this call by creating JS script with http post request and send his own(fake) data?(e.g. fake_array[10,20,30,23,12]) without clicking a button. How can I send change data from client side to a server safely?
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment