Hi Jon,

How about using something like OAuth? Then you'll store a token, but you can restrict that token's access to 'select' resources. If the device gets stolen, you can cancel that token.

Robert

On Thu, Feb 3, 2011 at 23:16, [email protected] <[email protected]> wrote:
> I'm working on a GAE application where the front end will be
> embedded into a hardware device. To keep things simple we were going
> to have the user log in using their Google account. This account is
> stored in the device since the device operates without the user
> present. Another example of a device like this is Internet TVs. If you
> want to use YouTube from a Samsung TV it stores your Google login.
>
> Storing the account data introduces a potential security hole. These
> devices are connected to the Internet and they are vulnerable to
> getting hacked.
>
> Limited capability Google sub-accounts could control this security
> risk. For example gmail already allows '+' in your login name.
> 'jonsmirl' and 'jonsmirl+tv' both map to the same account. I'd like to
> be able to make a sub-account like 'jonsmirl+tv' and only let it have
> access to playing my YouTube videos and nothing else - no YouTube
> upload, delete, no gmail, etc. Another example - a security camera
> with post only access to YouTube. If someone steals the camera they
> won't be able to get to the video. Or a medical device uploading data
> via a cell phone, etc. In my current situation I only want the
> sub-account to be able to access GAE (no gmail access).
>
> But I still want my main account to be able to access all of Google.
> My main account is going to be used to look at the data being uploaded
> into GAE.
>
> These sub-accounts would have separate passwords. You could make them
> long and complicated since they will be embedded into hardware. Now if
> the hardware is compromised the damage is contained. Use the main
> account to change the password and you are ok (except for any damage
> done). You have to allow for this hardware being hacked, lost, stolen,
> etc and the credentials being inside it.
>
> I can work around this by having the user create a separate Google
> account. I can then link the data arriving on this account to their
> main account. But this pollutes the Google account namespace and it
> is hard for the user to keep track of. Sub-accounts are a much nicer
> option.
>
> --
> Jon Smirl
> [email protected]
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
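
Added example, not part of the thread or of any Google API: a server-side registry showing the two properties the reply relies on, a per-device token limited to selected scopes and cancellable from the main account without touching its password. It models only the token registry, not the OAuth authorization flow; `DeviceTokenStore`, the scope strings and the account and device names are assumptions made for illustration.

```python
import hashlib
import secrets


class DeviceTokenStore:
    """Server-side registry of per-device tokens (hypothetical, in-memory)."""

    def __init__(self):
        self._by_hash = {}  # sha256(token) -> record; raw tokens are never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, account, device, scopes):
        """Mint a random token for one device, limited to the given scopes."""
        token = secrets.token_urlsafe(32)
        self._by_hash[self._digest(token)] = {
            "account": account, "device": device, "scopes": frozenset(scopes)}
        return token  # returned once; the device stores this instead of a password

    def authorize(self, token, scope):
        """Return the owning account if the token is live and carries the scope."""
        record = self._by_hash.get(self._digest(token))
        if record is None or scope not in record["scopes"]:
            return None
        return record["account"]

    def revoke(self, account, device):
        """Cancel every token issued to one device; return how many were removed."""
        doomed = [h for h, r in self._by_hash.items()
                  if r["account"] == account and r["device"] == device]
        for h in doomed:
            del self._by_hash[h]
        return len(doomed)


def demo():
    store = DeviceTokenStore()
    camera = store.issue("jon", "camera", {"data:upload"})  # constructed names
    tv = store.issue("jon", "tv", {"data:read"})
    # The camera token can upload but cannot read the uploaded data back.
    before = (store.authorize(camera, "data:upload"), store.authorize(camera, "data:read"))
    store.revoke("jon", "camera")  # camera reported stolen
    # The stolen token is dead; the TV's token is unaffected.
    after = (store.authorize(camera, "data:upload"), store.authorize(tv, "data:read"))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Because only the SHA-256 digest of each token is kept, a leak of the registry does not hand out usable device credentials.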
