How to protect GAE db without using SSL when client is Android
Question
I just started to learn GAE and noticed that there can be access to my servlets from anywhere. My GAE is only used by an Android app to store user data and to keep track of users and GCM regId's.
The expensive GAE SSL implementation in this stage is overkill for me so I need advice on alternative solutions. I read many answers about this and and they all using some form of HTTP login page or other browser related access. I use com.android.volley in my Android app.
Any advice would be grate.
1 answers
solution1
2 2014-02-24 14:48:28
For *.appspot.com domains, SSL is available. Please refer to the following for configuring your application : https://developers.google.com/appengine/docs/java/config/webxml#Secure_URLs
You could also look at Google Cloud Endpoints to expose your APIs and ensure that you enable security for the different methods that you expose. You can also specify the Client Ids that the Android Application will be using to authenticate itself to your Endpoints implementation. https://developers.google.com/appengine/docs/java/endpoints/ '
Check out Android Endpoints client too : https://developers.google.com/appengine/docs/java/endpoints/consume_android
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.