I can understand and relate to users' suspicions and concerns regarding privacy and security. What I intend to do is to explain the whole process to them before they are directed to Google Accounts login.
On Wed, Feb 2, 2011 at 4:05 PM, Sandeep Arneja <[email protected]> wrote: > Yes you are absolutely correct. With google auth I do not need to > maintain a login page as user is redirected to googles login page when > authentication is needed. > But my problem remains the same. Users come to my site and then are > forwarded to the google login page asking for their google > credentials. This gives users the false belief that I ("the > application owner") am going to recieve ther google password. Many > users are not comfortable with the idea of giving their google > credentials to me and thus do not sign up/in. This hurts business. > > PS: Its needless to say that we both know that applications dont get > the users password but i don't think users get that at first glance, > specially when they are browsing through and debating if they should > sign up. > > Thx > Sandeep > > On Feb 1, 4:58 pm, Jeff Schwartz <[email protected]> wrote: > > Hi Sandeep, > > > > I would have thought that by using Google Accounts to authenticate users > it > > would eliminate the need for having a login page altogether. If the user > > isn't logged in then just let the User api forward them to Google's login > > page and redirect them back to your site once they've logged in. Am I > right > > or am I missing something here? > > > > Jeff > > > > > > > > On Tue, Feb 1, 2011 at 4:51 PM, Sandeep Arneja <[email protected]> > wrote: > > > I am in favor of google auth for all the reasons you mentioned. It > > > makes things easier, more reliable and cheaper for me. My only concern > > > is that most of my new users feel skeptical at first glance when > > > providing their google credentials during the sign up process. During > > > my demos 90% of my users have said "I hope u won't steal my google > > > password". Now both you and I know that google doesn't share the users > > > private data let alone the password. The log in page even tells that > > > to all users but this is not apparent and is not the users first > > > impression. Google analytics shows me that this is huring my sign ups. > > > I am considering removing google auth but would like everyones input > > > before I do so. > > > > > Thanks > > > Sandeep > > > > > On Feb 1, 9:08 am, Jeff Schwartz <[email protected]> wrote: > > > > Hi all, > > > > > > I hope you don't mind me cross posting this to both the gwt and app > > > engine > > > > groups since I'd really like to get the opinions of users on both > > > platforms. > > > > > > I'm in the middle of developing a gwt application on app engine. The > > > > application's security requirements are that non members, meaning > those > > > that > > > > haven't registered, are restricted to viewing only the application's > > > public > > > > 'page'. > > > > > > What I developed for authentication is home grown using my own login > > > form, > > > > client side cookies and a User entity with password and email address > > > stored > > > > in the application's data store. While my home grown implementation > works > > > > perfectly I am not comfortable with the security implications of > cookies > > > and > > > > passing raw passwords to the server to authenticate my users. I also > can > > > not > > > > use SSL at this time as financial constraints unfortunately prohibit > any > > > > expenditures on this project. > > > > > > As I place my users' privacy and security above all else I am > therefore > > > > looking to implement a better solution; one that would if possible > > > eliminate > > > > my responsibility altogether of having to store cookies and passwords > and > > > > transport them via HTTP when authenticating. > > > > > > One alternative that I am currently considering is using Google > Accounts > > > to > > > > authenticate my users along with my own User entity that would store > the > > > > additional information users must provide when registering to use the > > > > services of my application. My User entity (not to be confused with > the > > > User > > > > object provided by the User API) would store the user's Google > Account ID > > > > and would provide the ability to determine if a user is registered > simply > > > by > > > > querying for their Google Accounts ID in my datastore. It would > eliminate > > > > having to store client side cookies and sending raw passwords to the > > > server. > > > > So far it seems like a win-win proposition as it appears to satisfy > all > > > my > > > > use cases. > > > > > > For those who already use Google Accounts for user authentication are > you > > > > happy with the service? How about the services' availability track > record > > > > and does it provide the security you had hoped it would? > > > > > > For those using Google Accounts along with GWT have you found any > > > specific > > > > issues related to using it with GWT (I am using RPC BTW) that you can > > > > relate? > > > > > > I am looking forward to reading your feedback and responses and > thanks in > > > > advance. > > > > > > Jeff > > > > > > -- > > > > *Jeff Schwartz* > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Google App Engine" group. > > > To post to this group, send email to [email protected] > . > > > To unsubscribe from this group, send email to > > > [email protected]<google-appengine%[email protected]> > <google-appengine%[email protected]<google-appengine%[email protected]> > > > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/google-appengine?hl=en. > > > > -- > > *Jeff Schwartz* > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- *Jeff Schwartz* -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
