Perhaps you can use a shared keyed encryption method to secure the communications between your two apps. Trying to use the browser based authentication methods for app to app communications forces you to manage sessions etc. which allows for attacks like man-in-the-middle and session stealing. If you control both ends of the handshake, a shared secret is simple to implement and easiest to maintain.
On Fri, Dec 31, 2010 at 7:18 AM, Andy <[email protected]> wrote: > Hi, > > I am trying to build 2 apps. App 1 is calling App 2 through URL Fetch but > App 2's URL is secured so when APP 1 is fetching something from APP 2, it > requires authentication, both apps belong to the same gmail account though. > How do I do that? Do I use URL Fetch with GET and submit login to APP 2? > Any idea? > > Thanks, > > Andy > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine-java%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > -- -- A. Stevko =========== "If everything seems under control, you're just not going fast enough." M. Andretti -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
