Hi hawkett, On Tue, Jun 23, 2009 at 10:11 AM, hawkett <[email protected]> wrote:
> > Hi, > > I have a question about the security of the remote_api - looking > through the source code, I noticed that ConfigureRemoteDatastore takes > a 'secure' parameter, which is False by default. I assume this means > that any data submitted via remote_api is done in plain text. What > about the credentials that are obtained using the auth_func() shown in > the example? Authentication is always performed over a secure channel, but the cookie obtained with authentication is then transmitted in the clear if secure=True is not specified. > > > Is the secure option supported? When I set secure=True (in code > that works fine when it is set to False), I get > > 'urllib2.HTTPError: HTTP Error 302: Found' > > which I assume is a redirect to a login page. If it is supported, > what is the process for it use? Thanks, Did you set "secure: always" or "secure:optional" for the remote_api handler in app.yaml? -Nick Johnson > > Colin > > > -- Nick Johnson, App Engine Developer Programs Engineer Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: 368047 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
