google account security ?
Posted
by Chez
on Stack Overflow
See other posts from Stack Overflow
or by Chez
Published on 2010-04-07T09:10:01Z
Indexed on
2010/04/07
9:13 UTC
Read the original article
Hit count: 271
web-security
I want to write a web-app which would ask the user to pass their google account (user and pwd) so that it can access their google data. I understand google supports alternative ways to do this, such as AuthSub and OathAuthSub.
Also google discourages apparently clientLogin (which would be my approach) for web apps.
My question is: if I were asking the user to register to my app by passing me a 'read only' google account ? so effectively I don't ask them to pass me their account but to create another account which is readonly. does anybody see anything wrong with this ? am I missing something ? Since their google account continues to be the admin they don't risk (in terms of security) anything.
Any help would be welcome ? Thanks
© Stack Overflow or respective owner