0

Support for HTTPS

Hello, I am analyzing to develop an ecommerce application with blueprint mobile. Even though I would not process the payment through blueprint, as I would use paypal, I am still gathering private in the application.

Is there any way to encrypt this data using https or other way with Yahoo blueprint?

Thank you any feedback would be appreciated.

George Crewe

by
7 Replies
  • I think this HTTPS feature is a must.
    0
  • Is there anyone in this forum who can answer this question? This forum is so dead and silent. Seems like only Yahoo guys are using Blueprint and they don't like sharing their knowledge very much....or have too many deadlines.
    0
  • We're here and we do respond.

    We don't support HTTPS on bpapps.com right now. The closest you could get is with a dns alias (http://developer.yahoo.com/mobile/blueprintdeployguide/BP_Submitting_Applications.html#BP_DNS_Aliasing) but the communications between your server and the Blueprint servers would still be unencrypted. You might want to reduce the data you collect so you don't need the secure connection.
    0
  • QUOTE (Jason @ Jun 22 2010, 10:21 AM) <{POST_SNAPBACK}>
    We're here and we do respond.

    We don't support HTTPS on bpapps.com right now. The closest you could get is with a dns alias (http://developer.yahoo.com/mobile/blueprintdeployguide/BP_Submitting_Applications.html#BP_DNS_Aliasing) but the communications between your server and the Blueprint servers would still be unencrypted. You might want to reduce the data you collect so you don't need the secure connection.


    Its amazing that even Yahoo doesn't use a secure method to login to their apps -

    http://m.yahoo.com/w/login/user

    or am i wrong?
    0
  • Hi,

    I am building a complex commerical application on top of Blueprint that works great for us.

    For our purpose, there are two features for which a secure connection is required.
    One is during user authentication in which a username and password is needed.
    The other one is during payment of a service where credit card and other information is exchanged.

    Because HTTPs is not supported, I decided to use OpenID for authentication and an external provider for payments.
    So in both situations, I redirect the user to a secure mobile site to complete that step (login or payment).
    After completing that step, the foreign mobile site returns the user to my application.
    Again, the callback url cannot have https protocol but at that point no private information is transported ; it feels safe enough.

    (ps: from a technical point of view, I cannot see a working Blueprint solution for Https because of SSL certificate limits)

    ^ Ernest
    0
  • QUOTE (ernest.micklei @ Jun 22 2010, 10:48 AM) <{POST_SNAPBACK}>
    Hi,

    I am building a complex commerical application on top of Blueprint that works great for us.

    For our purpose, there are two features for which a secure connection is required.
    One is during user authentication in which a username and password is needed.
    The other one is during payment of a service where credit card and other information is exchanged.

    Because HTTPs is not supported, I decided to use OpenID for authentication and an external provider for payments.
    So in both situations, I redirect the user to a secure mobile site to complete that step (login or payment).
    After completing that step, the foreign mobile site returns the user to my application.
    Again, the callback url cannot have https protocol but at that point no private information is transported ; it feels safe enough.

    (ps: from a technical point of view, I cannot see a working Blueprint solution for Https because of SSL certificate limits)

    ^ Ernest


    Hello Ernest,

    Did you follow the same steps for OpenId as you take for authentication in normal websites or are the steps a bit different for mobile sites? Any link in this regard would be helpful.
    0
  • Sorry for the late response. I spent some time off in Misano, Italy :-)

    As for your question, yes, I did follow the normal steps. Some providers, such as Google, already detects a mobile device and shows the proper mobile login page.
    (http://code.google.com/apis/accounts/docs/OpenID.html). Yahoo, on the other hand, does not yet? have a mobile version (see earlier post).

    HTH,

    Ernest

    QUOTE (Ratnadeep @ Jun 23 2010, 12:16 PM) <{POST_SNAPBACK}>
    Hello Ernest,

    Did you follow the same steps for OpenId as you take for authentication in normal websites or are the steps a bit different for mobile sites? Any link in this regard would be helpful.
    0
This forum is locked.

Recent Posts

in Blueprint General Discussion