google account security ?

Posted by Chez on Stack Overflow See other posts from Stack Overflow or by Chez
Published on 2010-04-07T09:10:01Z Indexed on 2010/04/07 9:13 UTC
Read the original article Hit count: 271

Filed under:
|

I want to write a web-app which would ask the user to pass their google account (user and pwd) so that it can access their google data. I understand google supports alternative ways to do this, such as AuthSub and OathAuthSub.

Also google discourages apparently clientLogin (which would be my approach) for web apps.

My question is: if I were asking the user to register to my app by passing me a 'read only' google account ? so effectively I don't ask them to pass me their account but to create another account which is readonly. does anybody see anything wrong with this ? am I missing something ? Since their google account continues to be the admin they don't risk (in terms of security) anything.

Any help would be welcome ? Thanks

© Stack Overflow or respective owner

Related posts about google

Related posts about web-security