A few weeks ago I posted something about securing your JSON. Since then Joe Walker has been looking into a few solutions. He posted the following three:
- Use a Secret in the Request
- Force pre-eval() Processing
- Force POST requests
More information about this issue:
Security for GWT applications
Shaping the future of secure Ajax mashups
