I have a question about how to send password over the wire from the GWT web app to the server.
My client talks to server using HTTPS. My understanding is that GWT RPC uses HTTP POST to communicate. So I assume it is OK to send plain-text password using GWT RPC.
Am I wrong? Is there any other options for sending password securely between GWT client and server?
Many thanks
There will be no problem because you are laready using HTTPS.
If still you have a narrow edge in mind then you can send the strings like passwords..account numbers in a secured way by using a thirdparty light weight library called GWT-Crypto.
It uses TripleDesCipher to encrypt your strings with an byte array key(known by you only).
Here is an example ,and not exactly but some related question here.
GWT is not different to any other browser app. Almost authentication systems use the same approach: send password using POST over HTTPS.
You are right that it is OK to send plain-text password using GWT RPC This might help 1) GWT/Javascript client side password encryption 2) GWT with SSL security
