I am currently working on an App that requires that I use a custom sign-in method.
I was wondering if there are any security flaws I should be aware of... Also: I was wondering if I must use SSL for proper security? Is the best way to maintain sessions through using cookies? Do I have to perform some sort of check on the cookie even though I'm using SSL? If so, should I maybe use a separate hash cookie? Is directly writing cookies to the "set-cookie" header and retrieving them by parsing the "cookie" header okay? Or is there a security flaw I should be aware of?

Thanks for all your help!