I'm new to this topic, looking for a quick yes/no re Smart GWT capabilities:
I've inherited an ancient public-facing JSP app that is getting abused by data miners who submit direct HTTP Requests (bypassing the GUI) like
And unfortunately the app's servlet responds, until it becomes unresponsive :)
Thinking about moving the app into Smart GWT:
- Does the framework preclude this type of direct HTTP Request (non-GUI) access?
- By default? Or must this be configured/coded to guard against?
- If yes, please point to docs.
- Is there a way to lock down DataSource access to the GUI only? (Or is that already the default?)
I've looked at the "Raw Request" format in the SmartClient Developer Console (RPC Tab). My understanding is that Smart GWT uses XHR request/response format. Could this also be used in an abusive manner that bypasses the GUI?
Any guidance appreciated, thanks.
I've inherited an ancient public-facing JSP app that is getting abused by data miners who submit direct HTTP Requests (bypassing the GUI) like
Code:
GET /MyPublicApp/casedetail?casenum=123456&casesite=XY&casecode=Q
Thinking about moving the app into Smart GWT:
- Does the framework preclude this type of direct HTTP Request (non-GUI) access?
- By default? Or must this be configured/coded to guard against?
- If yes, please point to docs.
- Is there a way to lock down DataSource access to the GUI only? (Or is that already the default?)
I've looked at the "Raw Request" format in the SmartClient Developer Console (RPC Tab). My understanding is that Smart GWT uses XHR request/response format. Could this also be used in an abusive manner that bypasses the GUI?
Any guidance appreciated, thanks.
Comment