Hi Arne, Thanks a lot for this vital input.
This is a great question. Technically, the entire request url and > post body are signed. You can verify that any parameters in the > request are exactly what was passed to the container via the > makeRequest call, or added by the container itself. Does this mean that credit card etc. can be safely sent using Signed Request mechanism, and we don't need to use HTTPS url as we do in normal websites? thanks, Sanjay --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
