
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

However, since GWT is taking an application that may contain hidden
functionality and exposing this and all methods to the user, it is treated as a proxy
framework for the purposes of this analysis.
Installation Procedures
The following steps are taken by the developer to install GWT:
1. Ensure you have the Sun Java Software Development Kit (SDK) installed.
2. Download the latest version of GWT from http://code.google.com/webtoolkit/download.html.
3. Use the supplied applicationCreator script to generate the files needed to
support the soon-to-be-created Java web application. Write and debug the
application in the Java integrated development environment (IDE) of choice
until the application is ready to be deployed.
4. When the application development is finished, it is ready to be compiled by
GWT. Run the GWT compile script, which turns the Java application into a set
of JavaScript and HTML files. These files can be copied to any web server to be
served to the client.
Unintended Method Exposure
Popularity: 4
Simplicity: 6
Impact: 3
Risk Rating: 4
In terms of method exposure, GWT is an interesting case study. While other AJAX
frameworks often require developers to declare which classes should be exposed, GWT
by default exposes all methods in the application.

