You could calculate the MD5 hash. That's a one-way algorithm.
On Oct 26, 8:17 pm, Don Schwarz <[email protected]> wrote:
> I would suggest that rather than using "<email> + "<somethingelse>" as your
> key names, you use F("<email>" + "<somethingelse>") where F is either an
> encryption function or a one-way hash function. You can use the javax.crypt
> package for this purpose.
>
> Alternatively, you could implement your own Key -> String conversion routine
> in place of KeyFactory.keyToString() and implement the encryption at that
> level.
>
> On Mon, Oct 26, 2009 at 2:10 PM, victor <[email protected]> wrote:
>
> > I use the com.google.appengine.api.datastore.Key as primary keys to my
> > datastore and part of the Key generation strategy is to use an e-mail:
> > Key ret = KeyFactory.createKey(<email> + <somethingelse>)
>
> > This generated key is then exposed to the browser via
> > KeyFactory.keyToString.
>
> > My concern is more on the privacy side. This serialized key could
> > easily be converted back to its original form by somebody cut and
> > pasting this key and running the following in their local machine:
> > Key ret = KeyFactory.stringToKey(<cut and pasted code from the
> > browser>)
>
> > --thus exposing the e-mail from the key.
>
> > My question is, is there a way for Google App Engine to make the
> > "KeyFactory.stringToKey" only work to return the proper key if it is
> > executed from the app where the data store is running from?
>
> > Thanks again,
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en
-~----------~----~----~----~------~----~------~--~---
