views:

83

answers:

1

I'm planning to write a web application on Google App Engine using Java. Each user needs to log in first to see all the secure account information. I have the following questions:

  1. Is Google Users Service equal to SSL? I use Google Users Service to authenticate the user. After redirecting from the Google Accounts sign-in page to my web application, are my web pages SSL-protected (I believe so because all these Google account information will be available to my page after the redirection)? If so, there seems to be no need for me to apply a CA certificate to enable SSL.

  2. Is there any e-commerce open source project for Google App Engine using Java? I see answers for Python only.

+2  A: 

To answer question #1, authenticating users with the Google Users Service is independent of SSL. When you request the user to login, they're redirected to https://www.google.com/... - a secure page - and then redirected back to your app with a cookie set that gives you the information you need, even if the redirect page is not encrypted. This is perfectly secure.

App Engine does support SSL, so you can also use that if you want, especially if you want users to purchase things.

To answer question #2, I'm not aware of any e-commerce project specifically for App Engine in Java.

dmazzoni
you might want to mention that SSL/TLS is unfortunately still not supported for custom domains
tosh
this is the url to the issue http://code.google.com/p/googleappengine/issues/detail?id=792
tosh