Hi, You're right: you can't control WHAT (size, etc...) the users upload but you can control IF they upload: the key after /upload is generated by App Engine and has to be a valid one (not too old, not used yet, etc,,) to be usable for an update.
If you generate such an upload for authentified users, it gets pretty secure. What else you be looking for ? If it size, or content or something equivalent that means anyway that you have to get out of the browser sandbox in your application (via java applet, etc..) in order to do the additional controls you need: a regular web app can't access and check local files because of the sandbox. regards didier On Mar 11, 12:07 pm, Luca Matteis <[email protected]> wrote: > I have started using the Bloblstore Java > API:http://code.google.com/appengine/docs/java/blobstore/overview.html > > It seems like the upload form goes to something like: > > <form action="/_ah/upload/agRtaWx1chsLEhVfX0Jsb2JVcGxvYWRTZXNzaW9uX18YTww" > > This is part of appengine, it's not my code. This means I can't > prevent uploads of a given type or uploads of a given length. They get > loaded into my datastore under "__BlobInfo__" no matter what. > Isn't this sort of bad? I don't want to have my datastore be filled > with things even though it's google storing the data. Bots would just > use it to upload spam. I want the upload to happen only by some means > of authentication. > > Any ideas? -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
