I'm probably asking a newbee question but i'm wondering if there is a security issue to use roles to set the visibility of some field in a a Gwt panel (Smartgwt but doesn't change the problem). I have securitty checking server side on the main services restricted for some roles and besides I instaniate only the panels corresponding to the user granted access but in some case I need to reduce the data visible on some views for some roles. I开发者_运维百科f there is a security issue what will be the best workaround for such a request?
You cannot expect to hide data you send to a client with the user interface, since the user can always access the data via some other interface that you didn't create. Don't use GWT to reduce data visibility - always do that on the server. You only control the server, even if it seems like you control the client.
精彩评论