Are you also using GWT by chance? On Tue, Feb 1, 2011 at 9:15 AM, Wim den Ouden <[email protected]> wrote:
> google accounts and the user api just works for me, allways there. > wim > > 2011/2/1 Jeff Schwartz <[email protected]>: > > Hi all, > > > > I hope you don't mind me cross posting this to both the gwt and app > engine > > groups since I'd really like to get the opinions of users on both > platforms. > > > > I'm in the middle of developing a gwt application on app engine. The > > application's security requirements are that non members, meaning those > that > > haven't registered, are restricted to viewing only the application's > public > > 'page'. > > > > What I developed for authentication is home grown using my own login > form, > > client side cookies and a User entity with password and email address > stored > > in the application's data store. While my home grown implementation works > > perfectly I am not comfortable with the security implications of cookies > and > > passing raw passwords to the server to authenticate my users. I also can > not > > use SSL at this time as financial constraints unfortunately prohibit any > > expenditures on this project. > > > > As I place my users' privacy and security above all else I am therefore > > looking to implement a better solution; one that would if possible > eliminate > > my responsibility altogether of having to store cookies and passwords and > > transport them via HTTP when authenticating. > > > > One alternative that I am currently considering is using Google Accounts > to > > authenticate my users along with my own User entity that would store the > > additional information users must provide when registering to use the > > services of my application. My User entity (not to be confused with the > User > > object provided by the User API) would store the user's Google Account ID > > and would provide the ability to determine if a user is registered simply > by > > querying for their Google Accounts ID in my datastore. It would eliminate > > having to store client side cookies and sending raw passwords to the > server. > > So far it seems like a win-win proposition as it appears to satisfy all > my > > use cases. > > > > For those who already use Google Accounts for user authentication are you > > happy with the service? How about the services' availability track record > > and does it provide the security you had hoped it would? > > > > For those using Google Accounts along with GWT have you found any > specific > > issues related to using it with GWT (I am using RPC BTW) that you can > > relate? > > > > I am looking forward to reading your feedback and responses and thanks in > > advance. > > > > Jeff > > > > > > > > > > -- > > Jeff Schwartz > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<google-appengine%[email protected]> > . > > For more options, visit this group at > > http://groups.google.com/group/google-appengine?hl=en. > > > > > > -- > gr > Wim den Ouden > Custom applications, https://e-comm.appspot.com/ > Free open source E-commerce/E-bookkeeping/E-business framework (web) > apps, http://code.google.com/p/relat/ > Gae developer tips, http://code.google.com/p/relat/wiki/gaetips > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- *Jeff Schwartz* -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
