Stephen said you could use HTTPS no matter what authentication system you
have.
And he suggested too hard-coding some random string in your client app and
in the server; send it with all your request and check it in the server. As
long as you keep that string secure, your system would be secure:
>>> conn = httplib.HTTPSConnection('xxxx.appspot.com')
>>> conn.putrequest('POST', 'xxxx.appspot.com')
>>> conn.putheader('Content-Length', str(len(packet_send)))
>>> conn.putheader('Content-Type', 'text/plain; charset="utf-8"')
>>> conn.putheader('Super-Secure-Password',
'qwertyuiopadfghjklñzcvbnm134567890"') // or whatever you want
>>> conn.endheaders()
>>> conn.send(packet_send)
and in the server (as an example if you're using webapp):
class XX:
def post(self):
if self.request.headers['Super-Secure-Password'] !=
'qwertyuiopadfghjklñzcvnm134567890':
FireAlerts_UserIsNotAuthenticated()
return
OtherWorkHere()
If you need a stronger system, you may want to use OAuth:
http://code.google.com/intl/en/appengine/docs/python/oauth/overview.html
However hard-code the password remains the easier way of doing
authentication.
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-appengine/-/MDSVughJHRUJ.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine?hl=en.
