So you're saying I should only generate the "upload" key URL if the user is authenticated? And that would make it secure? Avoid spam and such?

On Fri, Mar 11, 2011 at 12:32 PM, Didier Durand <[email protected]> wrote:
> Hi,
>
> You're right: you can't control WHAT (size, etc.) the users upload
> but you can control IF they upload: the key after /upload is generated
> by App Engine and has to be a valid one (not too old, not used yet,
> etc.) to be usable for an update.
>
> If you generate such an upload for authenticated users, it gets pretty
> secure.
>
> What else would you be looking for? If it is size, or content or something
> equivalent, that means anyway that you have to get out of the browser
> sandbox in your application (via Java applet, etc.) in order to do
> the additional controls you need: a regular web app can't access and
> check local files because of the sandbox.
>
> regards
>
> didier
>
> On Mar 11, 12:07 pm, Luca Matteis <[email protected]> wrote:
>> I have started using the Blobstore Java
>> API: http://code.google.com/appengine/docs/java/blobstore/overview.html
>>
>> It seems like the upload form goes to something like:
>>
>> <form
>> action="/_ah/upload/agRtaWx1chsLEhVfX0Jsb2JVcGxvYWRTZXNzaW9uX18YTww"
>>
>> This is part of appengine, it's not my code. This means I can't
>> prevent uploads of a given type or uploads of a given length. They get
>> loaded into my datastore under "__BlobInfo__" no matter what.
>> Isn't this sort of bad? I don't want to have my datastore be filled
>> with things even though it's Google storing the data. Bots would just
>> use it to upload spam. I want the upload to happen only by some means
>> of authentication.
>>
>> Any ideas?
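
The approach discussed in this thread, as an added example that is not code from either poster or from the App Engine documentation: a servlet that calls `createUploadUrl` only for a signed-in user. It goes one step beyond the thread by deleting unwanted blobs in the upload callback. The class name `GatedUploadServlet`, the `/photos` mapping and the 1 MB limit are assumptions.

```java
import com.google.appengine.api.blobstore.*;
import com.google.appengine.api.users.*;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.*;

// Hypothetical servlet, assumed to be mapped to /photos in web.xml.
public class GatedUploadServlet extends HttpServlet {
    private static final long MAX_BYTES = 1024 * 1024; // assumed size limit

    private final BlobstoreService blobstore = BlobstoreServiceFactory.getBlobstoreService();
    private final UserService users = UserServiceFactory.getUserService();

    // GET: render the upload form, but only for a signed-in user.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if (!users.isUserLoggedIn()) {
            // Anonymous clients never receive an /_ah/upload/<key> URL.
            resp.sendRedirect(users.createLoginURL(req.getRequestURI()));
            return;
        }
        // The key in this URL is generated by App Engine at this point.
        String action = blobstore.createUploadUrl("/photos");
        resp.setContentType("text/html");
        resp.getWriter().println(
            "<form action=\"" + action + "\" method=\"post\" enctype=\"multipart/form-data\">"
            + "<input type=\"file\" name=\"file\"><input type=\"submit\"></form>");
    }

    // POST: callback App Engine invokes after the blob has already been stored.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Map<String, BlobKey> blobs = blobstore.getUploadedBlobs(req);
        boolean signedIn = users.isUserLoggedIn(); // re-check as defence in depth
        BlobInfoFactory infos = new BlobInfoFactory();
        for (BlobKey key : blobs.values()) {
            BlobInfo info = infos.loadBlobInfo(key);
            // The upload itself cannot be blocked, so remove what is not wanted.
            if (!signedIn || info == null || info.getSize() > MAX_BYTES) {
                blobstore.delete(key);
            }
        }
        // The upload callback must answer with a redirect.
        resp.sendRedirect("/photos");
    }
}
```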
