Hello,
I'm writing a small GWT front-end for a backend app and I was wondering about the best security model for GWT apps?
I was thinking of implementing an RPC method that receives an MD5 of a user password from the client webpage, then passing back a session ID to the client page (or a failcode). All subsequent calls would simply use the session ID and the server would keep a track that the IP address for the session ID is the same IP address that created the session ID?
Is this the standard mechanism for (non-ssl) authentication for GWT applications?
If not, can anyone suggest alternative solutions?
Thanks,