Hi, I don't exactly know what you mean by secure but having only the logged in people be allowed to upload will already significantly reduce spam.
And then, you can use captchas to make sure it's a human, etc. regards didier On Mar 11, 1:58 pm, Luca Matteis <[email protected]> wrote: > So you're saying I should only generate the "upload" key url if the > user is authenticated? > And that would make it secure? avoid spam and such? > > On Fri, Mar 11, 2011 at 12:32 PM, Didier Durand <[email protected]> > wrote: > > Hi, > > > You're right: you can't control WHAT (size, etc...) the users upload > > but you can control IF they upload: the key after /upload is generated > > by App Engine and has to be a valid one (not too old, not used yet, > > etc,,) to be usable for an update. > > > If you generate such an upload for authentified users, it gets pretty > > secure. > > > What else you be looking for ? If it size, or content or something > > equivalent that means anyway that you have to get out of the browser > > sandbox in your application (via java applet, etc..) in order to do > > the additional controls you need: a regular web app can't access and > > check local files because of the sandbox. > > > regards > > > didier > > > On Mar 11, 12:07 pm, Luca Matteis <[email protected]> wrote: > >> I have started using the Bloblstore Java > >> API:http://code.google.com/appengine/docs/java/blobstore/overview.html > > >> It seems like the upload form goes to something like: > > >> <form > >> action="/_ah/upload/agRtaWx1chsLEhVfX0Jsb2JVcGxvYWRTZXNzaW9uX18YTww" > > >> This is part of appengine, it's not my code. This means I can't > >> prevent uploads of a given type or uploads of a given length. They get > >> loaded into my datastore under "__BlobInfo__" no matter what. > >> Isn't this sort of bad? I don't want to have my datastore be filled > >> with things even though it's google storing the data. Bots would just > >> use it to upload spam. I want the upload to happen only by some means > >> of authentication. > > >> Any ideas? > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine for Java" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/google-appengine-java?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
