Hi, we are looking for a push solution for our SmartGwt app.
As part of that effort we have done a lightstreamer POC, and after playing with it for a while, we have the following question:

Is there a mechanism to prevent a URL spoofing by merely substituting legitimate ids contained in the GET url of subscribe request, for others, that the client is not supposed to ever see?


1) Since our grids data is cached on the client, we have to use the actual record keys, rather than physical row id.

2) In our case, the hacker wouldn't even have to know the actual record keys, the mere fact of an update to someone else's record, never mind it's contents, constitutes a major security breach.

Please advise.