Security and Authorization

Protecting Against the AJAX of Evil

Pro Web 2.0 Application Development with GWT

Abstract

Authorization—what’s that all about? Did you think we’d already done security in Chapter 5? Shouldn’t we be finished with it? Do we really need to keep looking at security? Well, we did do some security work in Chapter 5, but we in no way finished the subject. In Chapter 5, we focused on authentication. We found strategies for letting our users prove who they are. However, just because our web site knows who we’re dealing with doesn’t mean that we know what to do with them. What rights to data do they have? What can they see? What can they do? Our security system is URL-based, so we know we were able to allow certain users access to only certain pages, but everyone is allowed to use the RPC mechanism, so if that’s not secure, nothing is. On top of this, just because we know who’s logged in doesn’t mean we can be sure that a request is really coming from our users; it could potentially come from a malicious script running in their browser.

Copyright information

© 2008 Jeff Dwyer

About this chapter

Cite this chapter

(2008). Security and Authorization. In: Pro Web 2.0 Application Development with GWT. Apress. https://doi.org/10.1007/978-1-4302-0637-8_11
