The frame works fine when logging in. If its a security risk please elaborate, Im onlt using Google accounts because I dont really know how to do my own security, and Im guessing that even using google via a frame is more secure than trying to do it myself!
When creating an account it does not take the user back to the original page as there is a total disconnect after the user clicks on the link in the email sent from google. Google have informed me that this is a known issue, but has a low priority (which is understandable). I have now created what I think is a reasonable compromise. Only time will tell if our potential customers are ok with the process! On Feb 18, 7:04 pm, Brian <bwa...@gmail.com> wrote: > You shouldn't use a frame. It is a security problem, and right of > google login code to break out of it. > > After they make a new account, if not using a frame, I believe it > forwards the user back to the page they were trying to go to. Seems to > work pretty well. > > On Feb 18, 8:40 am, John V Denley <johnvden...@googlemail.com> wrote: > > > I have been trying to leverage google accounts for security for my > > users, but the way its working is really preventing useability within > > my application, its very frustrating > > > Ive just spent the best part of the last week trying to get the google > > account login to work in an frame within my application. Ive run into > > a number of related issues (see other threads in the GWT group) which > > I have manage to work through finally. (Thanks to everyone who helped > > out and provided input) > > > However, I have just tried clicking on the "create an account now" > > link which is what will be used by any new user who doesnt currently > > have a google account, but the account creation window has "frame > > breakout" code on it, which takes my users away from my application > > again, and then after clicking on the email link to confirm thier new > > account, the user is NOT taken back to my application but are just > > congratulated for creating a google account. > > > The problem is that the user is then left thinking "now what do i do?" > > and several of the people we are talking to have just given up at that > > point! > > > Has anyone else successfully integrated Google accounts into their > > applications? > > > Should I create my own logins rather than using Google accounts? I > > have struggled with getting a consistent answer to the problem of how > > to send passwords to the server given that GAE doesnt support SSL or > > HTTPS yet. Everyone seems to say that any client side encoding is > > pointless, but it seems to me that some form of encoding has to be > > better than not encoding at all!! -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
