gwt rpc - Encode request payload in GWT RPC call -

-

i using gwt create web-app.

when making rpc call client side (browser), in inspect element request payload below :

7|0|8|https://xxxx.xxxx.in/testproject/in.testproject.main/|87545f2996a876761a0c13cd750ea654|in.testproject.client.customerclassservice|check_user_login|java.lang.string/2004016611|in.testproject.beans.customerbean/3980370781|userid|password|1|2|3|4|3|5|5|6|7|8|6|0|0|0|0|0|custid|0|0|0|0|0|0|0|0|0|

in request details username, password & custid displayed in request payload.

my question is, possible encode or hide details request payload?

you looking @ wrong level of abstraction. what's point of encoding/"hidding" these values in payload? exchange between server , client can intercepted anyway... unless use https. ensures safe/encrypted communication between server , client. don't try "clever" , encrypt part of communication/payload, just use https.

but concern client should not able seen method call making, parameter type in request, parameter values etc. should hidden client.

but parameter values input user himself or hardcoded somewhere in application (which user able see/decipher, because browser has to). trying achieve security through obscurity , never idea. i'd focus attention , efforts securing endpoints (gwt-rpc services), validating input sent there, etc.

you have remember 1 thing - user has access source code (compiled , minified, still) of client-side part of application. so:

  • he'll able figure out how communicate server, because application has to.
  • he can modify application send malicious requests - if created hypothetical way of encoding parameters/addresses. find place before encoding done , voila. firebug , other developer tools immensely in this.

so "securing" client-side in way meaningless (of course, csrf, xss, etc. should concern), malicious user bypass because have give him tools - otherwise, "normal" user (or rather browser) wouldn't able use application.


Comments

Post a Comment

Popular posts from this blog

java - Plugin org.apache.maven.plugins:maven-install-plugin:2.4 or one of its dependencies could not be resolved -

-
i getting error message , further 1 here: failed read artifact descriptor org.apache.maven.plugins:maven-install-plugin:jar:2.4: even though when go .m2 repository path c:\users\a591024.m2\repository\org\apache\maven\plugins\maven-resources-plugin\2.4 the maven-resources-plugin-2.4.jar file there , maven-resources-plugin-2.4.pom there. have tried delete .m2 repository no luck. far maven not build project desperately need to. any ideas? it seems proxy issue please aad following in setting.xml grabbing lan setting , proxy information. <proxies> <proxy> <id>proxy</id> <active>true</active> <protocol>http</protocol> <host>hostname</host> <port>port</port> </proxy> </proxies> this frequent issue, please see below link well. plugin org.apache.maven.plugins:maven-clean-plugin:2.5 or 1 of dependencies not resolved maven: failed ret
Read more

Round ImageView Android -

-
Image
i working on android application in doing rounded image view. working fine images, images 160x120 resolution shows oval shaped. code custom imageview given below, please me out here: public class roundimage extends drawable { private final bitmap mbitmap; private final paint mpaint; private final rectf mrectf; private final int mbitmapwidth; private final int mbitmapheight; public roundimage(bitmap bitmap) { mbitmap = bitmap; mrectf = new rectf(); mpaint = new paint(); mpaint.setantialias(true); mpaint.setdither(true); final bitmapshader shader = new bitmapshader(bitmap, shader.tilemode.clamp, shader.tilemode.clamp); mpaint.setshader(shader); mbitmapwidth = mbitmap.getwidth(); mbitmapheight = mbitmap.getheight(); } @override public void draw(canvas canvas) { canvas.drawoval(mrectf, mpaint); } @override protected void onboundschange(rect bound
Read more

How can I utilize Yahoo Weather API in android -

-
Image
i want develop app using yahoo weather api android. want current , forecast weather details. i have tried different sources (e.g.: https://github.com/survivingwithandroid/weatherlib , getting error weatherlib api android , unable execute activity in android weatherlib ) , getting different errors m unable resplve. there can proper tutorial or guide! error: -17 08:50:48.961 3168-3168/com.survivingwithandroid.weather e/androidruntime﹕ fatal exception: main process: com.survivingwithandroid.weather, pid: 3168 java.lang.runtimeexception: unable start activity componentinfo{com.survivingwithandroid.weather/com.survivingwithandroid.weather.mainactivity}: java.lang.nullpointerexception: attempt invoke interface method 'boolean java.util.list.isempty()' on null object reference @ android.app.activitythread.performlaunchactivity(activitythread.java:2298) @ android.app.activitythread.handlelaunchactivity(activitythread.java:2360) @ android.app.activi
Read more