Sunday, August 18, 2019

Re: Same cache file for all users

In web development, security is enforced on the server and not in the browser. Even if they would have different kind of cache files, an attacker could still "guess" URLs and download other files. Actually someone can simply login to your server and communicate with it without ever using your GWT app. Obfuscation in GWT is also only done to reduce code size and not so much to secure the source code.

If you want security, your server must check any incoming request (authentication and authorization).

-- J.

You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

No comments:

Post a Comment