Lots of times there is a form on the page and the whole go out to where ever and authenticate with a token doesn't happen.
It is hard to blame a user for taking the "Login using face book" in a blue form on the page. From: google-appengine@googlegroups.com [mailto:google-appengine@googlegroups.com] On Behalf Of Rohan Chandiramani Sent: Tuesday, January 03, 2012 1:00 AM To: google-appengine@googlegroups.com Subject: Re: [google-appengine] Re: OT: Doing It Wrong But then in the case of you creating such a fake from, it's user's fault for not checking the url/ssl connection? Tbh i'd rather see a google login for every major service i use, the credentials are safer than most sites and like you said it's very convinient. If I were to lose that google account, it would be my own fault. instead of let's say... my EA account was hacked because a silly sql injection and my password being hashed with fabulous MD5 for all to see. So in a nutshell with unified logins the server side is safer, using it properly is your responibility... Don't you agree? -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/OQC-Gu0uf8wJ. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
