I'm writing a small GWT front-end for a backend app and I was wondering about the best security model for GWT apps?
I was thinking of implementing an RPC method that receives an MD5 of a user password from the client webpage, then passing back a session ID to the client page (or a failcode). All subsequent calls would simply use the session ID and the server would keep a track that the IP address for the session ID is the same IP address that created the session ID?
Is this the standard mechanism for (non-ssl) authentication for GWT applications?
If not, can anyone suggest alternative solutions?
Thanks,
This page by google gives a good overview of the security and tasks associated with logging in users. The link on that page to Security for GWT Applications also addresses several common gotchas specifically associated with GWT.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With