I wanted your opinions on an SSL workaround I'm planning for my medical app.
Let's say my medical app is www.mymedical.com. The front-end is written in GWT and served from AppEngine via HTTP from www.mymedical.com. It does not even use the datastore. The back-end is a JSON data API at mymedical.appspot.com. It has all the important stuff: db of users, their medical data, etc. It only responds to HTTPS. Question: How do we make secure requests for sensitive data without the loss of branding that occurs when mymedical.appspot.com appears on the address bar? Answer: Serve all pages from www.mymedical.com, and have those pages execute asynchronous API calls to mymedical.appspot.com. Retrieve responses by having the server output JSONP (http://bob.pythonmac.org/ archives/2005/12/05/remote-json-jsonp/) rather than plain JSON. Do any of you guys currently do this? How does it work for you? Erem --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
