Ah, sorry Benjamin, my earlier reply to gengstrand was written before id fully taken in what your blog was saying. I cant be sure that you have indeed answered my question, as it will take me a little while to filter through your blog and understand it all, but it certainly seems to cover the majority of the points, even if it feels to me like you have slightly overengineered it for what I actually need.
I forgot to mention on my previous post, that I have also played around with using a GWT "Frame" to contain the google account signup and google account login pages, but what Id like to be able to do is somehow set the URL of the page containing the frame from within the frame itself! Anyone know how to do that? I might post that separately after making sure it hasnt already been answered somewhere! Thanks, J On Feb 13, 8:31 pm, Benjamin <bsaut...@gmail.com> wrote: > John, > > I put a lot of time putting together this blog posting to consolidate > the process of authenticating a client to app engine - the sample i > posted definitely works - it's tailored for Android clients but i hope > it helps you - all about getting the auth token. > > http://javagwt.blogspot.com/2009/12/authenticating-android-app-to-goo... > > On Feb 13, 1:55 pm, gengstrand <gengstr...@gmail.com> wrote: > > > First, take a look at this article and see if it covers your needs. > > This is the official position on GAE and authentication. > > >http://code.google.com/appengine/articles/auth.html > > > If that's not going to cut it for you, then take a look > > athttp://www.mindrot.org/projects/jBCrypt/ > > > If you were using GWT and weren't going to deploy for a while, then > > you might want to take a look > > athttp://code.google.com/p/google-web-toolkit/wiki/RpcAuth > > > I hope this helps. > > > On Feb 12, 9:14 pm, John V Denley <johnvden...@googlemail.com> wrote: > > > > really no responses on this one? > > > > On Feb 11, 11:19 pm, John V Denley <johnvden...@googlemail.com> wrote: > > > > > There are plenty of (fairly indepth & technical) conversations on here > > > > about the use of passwords and how to send the data/password to the > > > > server. > > > > > It very much seems a consensus that unless you are using HTTPS/SSL > > > > then its totally pointless doing anything on the client. > > > > > Given that Google App Engine does not support HTTPS/SSL, what is > > > > everyones opinion on this matter, what IS the best practice? > > > > > As a side bar on this, up to now I have been using the google account > > > > login to deal with all this, but have been getting a LOT of resistance > > > > from my potential user community who get very lost and confused about > > > > the process when having to create a google account, prior to being > > > > able to create an account in my system, hence the "need" to look at > > > > having my own security, which scares me as I dont know anything about > > > > this subject, but I want my users logons/data to be safe and secure. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
