Use this at your own risk, this is just my opinion and may not fulfill any agreement you have with Authorize.net
My guess is that they want you to have separate servers (not servers handling Web requests) that handle transactions without ever revealing the key to the Web servers. It is not clear that you have that ability in GAE. I suspect many of their clients do not live up to that standard. Putting the key in memcache or the datastore still makes it accessible from the server handling Web requests. I would not recommend just the memcache as it will/could eventually get flushed. Most people would probably just hard code it on the App Engine server code. It might be a little more secure or closer to Authorize.net's idea if it's stored in the datastore. (which is more secure in GAE, the code or datastore data?) I think you could just create a simple entity in the datastore with server code you run once and remove or maybe directly from the admin panel, rather than mess with some custom GWT UI just for it. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
