Well, obviously a static webpage is going to have no way of knowing whether there was any authentication done in the first place, and a model, of security through obscurity by only making that static link available on a GAE website that itself requires authentication isn't really security at all.
If you really want to make the user visit GAE to authenticate every time instead of saving the redirected link, using expiring session IDs is fairly trivial, even if it is complicated a bit by having to pass session data between 2 different systems. On Sep 23, 8:38 am, My3 <[EMAIL PROTECTED]> wrote: > But then the redirected page link cannot be static right. Like if once > they know the redirected page link, then they will open the link from > history without login into Google App Engine. > > On Sep 23, 6:29 am, Wooble <[EMAIL PROTECTED]> wrote: > > > On Sep 22, 10:08 pm, My3 <[EMAIL PROTECTED]> wrote: > > > > Sam, > > > > Yes i am currently using it. But i want to host an application > > > elsewhere which has to be used only by these Google Apps users. > > > > So for that can i use Google App engine to forward the authentication. > > > Or else can i use any other authentication. > > > Sure. Just create a handler that checks if someone is a valid user > > and redirects to a page in your application with whatever kind of > > information you want about them. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
