All geek questions in one place

GWT with SSL Security

I was interested to know what security flaws (if any) are in using GWT with SSL (in fact, TLS is configured on the JBoss web application server). I discussed this with my friend, and he says that even if I enable HTTPS, some attackers will be able to intercept my .js and change the code and get authentication on the server. We assumed that in addition to SSL, we never send a text password to the wire (we do it first). Is it really possible?

Another thing I would like to know is how does Javascript code (generated by GWT) make RPC calls? We used Wireshark to spoof requests and responses from the client to an SSL-enabled web server, and there are no RPC packets. All that we see are these TLS protocol packets, we can easily identify them with a filter on the source and destination IP addresses of the client and the web server.

+3
source share
2 answers

If you also send your .html and .js files via HTTPS, then, generally speaking, no one will be able to manipulate them during the transfer. Of course, there are some practical questions:

  • Does the TLS program have any errors?
  • Are there any flaws in the TLS protocol?
  • ?
  • ?
  • ...

, . :

, SSL ( ).

, SSL? , , SSL, . , , ! , , .

. GWT/Javascript.

:

Wireshark - SSL, RPC, . , , TLS...

, ! RPC - . Wireshark SSL dissector, , Wireshark ( ! )

+4

SSL/TLS, . SSL/TLS Server Test. , PCI DSS HIPAA NIST, SSL/TLS.

0

Source: https://habr.com/ru/post/1774033/

More articles:


All Articles