Stephen said you could use HTTPS no matter what authentication system you have.
And he suggested too hard-coding some random string in your client app and in the server; send it with all your request and check it in the server. As long as you keep that string secure, your system would be secure: >>> conn = httplib.HTTPSConnection('xxxx.appspot.com') >>> conn.putrequest('POST', 'xxxx.appspot.com') >>> conn.putheader('Content-Length', str(len(packet_send))) >>> conn.putheader('Content-Type', 'text/plain; charset="utf-8"') >>> conn.putheader('Super-Secure-Password', 'qwertyuiopadfghjklñzcvbnm134567890"') // or whatever you want >>> conn.endheaders() >>> conn.send(packet_send) and in the server (as an example if you're using webapp): class XX: def post(self): if self.request.headers['Super-Secure-Password'] != 'qwertyuiopadfghjklñzcvnm134567890': FireAlerts_UserIsNotAuthenticated() return OtherWorkHere() If you need a stronger system, you may want to use OAuth: http://code.google.com/intl/en/appengine/docs/python/oauth/overview.html However hard-code the password remains the easier way of doing authentication. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/MDSVughJHRUJ. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.