I want to implement a custom user authentication system in my App Engine app. I don't want to use sessions. I'm a newbie in this area, so I have two basic questions:
1: Is it secure to just send a username and password with every single RPC over HTTPS? What do I need to do to keep that username and password secure on the client end?
2: How do I tell GWT to use HTTPS when it makes its requests?
I don't know much about security, so please don't spare me any "obvious" details.
Thanks!
Watching the process with Firebug shows that all RPCs are happening over the same protocol that the host page was requested with. This seems to be required for same-site-origin rules, so I'm going to assume that my answers are
1: Yes, but it's slower
2: GWT automatically uses HTTPS when the host page was requested with HTTPS
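
Since the RPCs follow the protocol of the host page, the host page and the RPC endpoints should never be reachable over plain HTTP. The following is an added example, not part of the original post: a deployment descriptor fragment for a Java web app that makes the servlet container require HTTPS. The `/*` pattern and the resource name are assumptions; narrow the pattern if only part of the app carries credentials.

```xml
<!-- WEB-INF/web.xml (fragment, placed inside <web-app>) -->
<!-- Added example: require HTTPS for the GWT host page and every RPC servlet. -->
<security-constraint>
  <web-resource-collection>
    <!-- Name is arbitrary (assumption). -->
    <web-resource-name>all-pages-and-rpc</web-resource-name>
    <!-- Assumption: the whole app, including the host page and the
         GWT RPC servlet paths, is covered by this pattern. -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <!-- CONFIDENTIAL means matching URLs must be served over TLS,
         so a username and password sent with an RPC are never
         transmitted in clear text. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```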