Are HTTP POSTs on Google App Engine secure?

Dhruv Garg

unread,

Nov 6, 2009, 12:52:26 PM11/6/09

to Google App Engine

Are the HTTP POST requests (like when I log in using my user
credentials) made to a login script in Python secure and SSL
encrypted? Or is it just a normal HTTP POST?

If it is a normal HTTP POST, is there anything I can do to make it
secure?

Thanks,
Dhruv

Barry Hunter

unread,

Nov 6, 2009, 2:22:28 PM11/6/09

to google-a...@googlegroups.com

2009/11/6 dhruvg <dhruv...@gmail.com>:

>
> Are the HTTP POST requests (like when I log in using my user
> credentials) made to a login script in Python secure and SSL
> encrypted? Or is it just a normal HTTP POST?

A HTTP POST is not encrypted at all - no more than a GET. They appear
to offer a tiny bit more security because the details arent in the
normal weblog.

>
> If it is a normal HTTP POST, is there anything I can do to make it
> secure?

Use HTTPS, ala SSL?

Or implement your own encryption using javascript client side? ;P

>
> Thanks,
> Dhruv
>
> >
>

Nick Johnson (Google)

unread,

Nov 9, 2009, 7:08:51 AM11/9/09

to google-a...@googlegroups.com

Hi dhruvg,

The Users API uses SSL for sign-in, yes - your users' credentials are never sent in the clear.

-Nick Johnson

--
Nick Johnson, Developer Programs Engineer, App Engine
Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: 368047

Reply all

Reply to author

Forward