python + jquery 2011/2/1 Jeff Schwartz <[email protected]>: > Are you also using GWT by chance? > > On Tue, Feb 1, 2011 at 9:15 AM, Wim den Ouden <[email protected]> wrote: >> >> google accounts and the user api just works for me, allways there. >> wim >> >> 2011/2/1 Jeff Schwartz <[email protected]>: >> > Hi all, >> > >> > I hope you don't mind me cross posting this to both the gwt and app >> > engine >> > groups since I'd really like to get the opinions of users on both >> > platforms. >> > >> > I'm in the middle of developing a gwt application on app engine. The >> > application's security requirements are that non members, meaning those >> > that >> > haven't registered, are restricted to viewing only the application's >> > public >> > 'page'. >> > >> > What I developed for authentication is home grown using my own login >> > form, >> > client side cookies and a User entity with password and email address >> > stored >> > in the application's data store. While my home grown implementation >> > works >> > perfectly I am not comfortable with the security implications of cookies >> > and >> > passing raw passwords to the server to authenticate my users. I also can >> > not >> > use SSL at this time as financial constraints unfortunately prohibit any >> > expenditures on this project. >> > >> > As I place my users' privacy and security above all else I am therefore >> > looking to implement a better solution; one that would if possible >> > eliminate >> > my responsibility altogether of having to store cookies and passwords >> > and >> > transport them via HTTP when authenticating. >> > >> > One alternative that I am currently considering is using Google Accounts >> > to >> > authenticate my users along with my own User entity that would store the >> > additional information users must provide when registering to use the >> > services of my application. My User entity (not to be confused with the >> > User >> > object provided by the User API) would store the user's Google Account >> > ID >> > and would provide the ability to determine if a user is registered >> > simply by >> > querying for their Google Accounts ID in my datastore. It would >> > eliminate >> > having to store client side cookies and sending raw passwords to the >> > server. >> > So far it seems like a win-win proposition as it appears to satisfy all >> > my >> > use cases. >> > >> > For those who already use Google Accounts for user authentication are >> > you >> > happy with the service? How about the services' availability track >> > record >> > and does it provide the security you had hoped it would? >> > >> > For those using Google Accounts along with GWT have you found any >> > specific >> > issues related to using it with GWT (I am using RPC BTW) that you can >> > relate? >> > >> > I am looking forward to reading your feedback and responses and thanks >> > in >> > advance. >> > >> > Jeff >> > >> > >> > >> > >> > -- >> > Jeff Schwartz >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "Google App Engine" group. >> > To post to this group, send email to [email protected]. >> > To unsubscribe from this group, send email to >> > [email protected]. >> > For more options, visit this group at >> > http://groups.google.com/group/google-appengine?hl=en. >> > >> >> >> >> -- >> gr >> Wim den Ouden >> Custom applications, https://e-comm.appspot.com/ >> Free open source E-commerce/E-bookkeeping/E-business framework (web) >> apps, http://code.google.com/p/relat/ >> Gae developer tips, http://code.google.com/p/relat/wiki/gaetips >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/google-appengine?hl=en. >> > > > > -- > Jeff Schwartz > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. >
-- gr Wim den Ouden Custom applications, https://e-comm.appspot.com/ Free open source E-commerce/E-bookkeeping/E-business framework (web) apps, http://code.google.com/p/relat/ Gae developer tips, http://code.google.com/p/relat/wiki/gaetips -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
