First, take a look at this article and see if it covers your needs. This is the official position on GAE and authentication.
http://code.google.com/appengine/articles/auth.html If that's not going to cut it for you, then take a look at http://www.mindrot.org/projects/jBCrypt/ If you were using GWT and weren't going to deploy for a while, then you might want to take a look at http://code.google.com/p/google-web-toolkit/wiki/RpcAuth I hope this helps. On Feb 12, 9:14 pm, John V Denley <johnvden...@googlemail.com> wrote: > really no responses on this one? > > On Feb 11, 11:19 pm, John V Denley <johnvden...@googlemail.com> wrote: > > > There are plenty of (fairly indepth & technical) conversations on here > > about the use of passwords and how to send the data/password to the > > server. > > > It very much seems a consensus that unless you are using HTTPS/SSL > > then its totally pointless doing anything on the client. > > > Given that Google App Engine does not support HTTPS/SSL, what is > > everyones opinion on this matter, what IS the best practice? > > > As a side bar on this, up to now I have been using the google account > > login to deal with all this, but have been getting a LOT of resistance > > from my potential user community who get very lost and confused about > > the process when having to create a google account, prior to being > > able to create an account in my system, hence the "need" to look at > > having my own security, which scares me as I dont know anything about > > this subject, but I want my users logons/data to be safe and secure. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.