[google-appengine] Re: How-to for SSL - Aaron Krill - com.googlegroups.google-appengine

17 messages in com.googlegroups.google-appengine[google-appengine] Re: How-to for SSL

From	Sent On	Attachments
Filip	14 Apr 2008 01:07
hads	14 Apr 2008 02:39
Filip	14 Apr 2008 02:56
Brett Morgan	14 Apr 2008 02:58
Filip Verhaeghe	14 Apr 2008 03:05
Brett Morgan	14 Apr 2008 03:08
Filip Verhaeghe	14 Apr 2008 03:18
Brett Morgan	14 Apr 2008 04:17
matt wilbert	14 Apr 2008 06:02
Filip Verhaeghe	14 Apr 2008 06:13
matt wilbert	14 Apr 2008 06:24
Cuong Tran	14 Apr 2008 11:15
Filip Verhaeghe	15 Apr 2008 00:14
Brett Morgan	15 Apr 2008 00:43
Aaron Krill	15 Apr 2008 00:52
Filip Verhaeghe	15 Apr 2008 00:52
Brett Morgan	15 Apr 2008 00:58

Subject:	[google-appengine] Re: How-to for SSL
From:	Aaron Krill (aar...@krillr.com)
Date:	04/15/2008 12:52:36 AM
List:	com.googlegroups.google-appengine

I think SSL is an important part of any webservice, though I agree it isn't crucial at this point. Right now AppEngine is for development and testing purposes, meaning it is NOT PRODUCTION READY and as such should not be trusted or used for any real-world purposes. Development should never require SSL as you should never be transmitting private data during development.

It still would be nice to know what Google will be doing for SSL. They'll probably charge a yearly fee for an SSL cert or something later on after the beta.

On Tue, Apr 15, 2008 at 12:44 AM, Brett Morgan <bret...@gmail.com> wrote:

This is early access stuff, and i don't honestly feel that the other teams you have nominated are really competitors with GAE in terms of stupidly scalable webapp building solutions.

On Tue, Apr 15, 2008 at 5:14 PM, Filip Verhaeghe <fili...@gmail.com> wrote:

Well, let's hope Google catches up with its competitors quickly then!

Right now, I have the option of sending my data to Google App Engine's competitors, Microsoft SSDS or Amazon SimpleDB, both of which have a secure database connection. Microsoft SSDS uses SSL. Clearly, it can be done.

But Google currently has the nicest integrated application hosting environment that develops and scales easiest (for now at least until April 23). Google is teaming up this week with Salesforce to get a better grip on the enterprise market. Why does it prevent developers from using App Engine in busines environments? I do understand the feature might be only for paying users, but I don't see the relevance of this. It is still going to be needed in a beta phase. I can convince customers to participate in beta testing my software, and that they should trust Google with their data. I can even get away with using the *.appspot.com domain during the beta phase. But I can't say I'm going to send data in cleartext over the Internet.

Filip.

On 4/14/08, Cuong Tran <ctr...@pragmaquest.com> wrote:

I think Hads made it clear: you can not!

On Apr 14, 2008, at 4:56 AM, Filip wrote:

Hads,

So how would I transmit encrypted data from the browser to the App Engine servers using SSL?

On 14 apr, 11:40, hads <hadl...@gmail.com> wrote:

On Apr 14, 8:08 pm, Filip <fili...@gmail.com> wrote:

Does anybody have any experience using secure connections from the Google App Engine. I understand it currently does not support

SSL,

but

I need to upload some data to do tests and I need an SSL encrypted transfer.

Is there a way of using SSL anyway, and perhaps tell the browser to ignore the fact that the Google certificate URL does not match the appspot.com url?

That's not really the way SSL works. App Engine not supporting SSL really does mean that you can't use SSL.