What about that: "Security and Authentication" at http://code.google.com/intl/de-DE/appengine/docs/java/config/webxml.html
No server calls needed if you are ok with Google based authentification... Works for all resources (RPCs included).. Best, Raphael On Tue, Aug 16, 2011 at 10:51 PM, Ikai Lan (Google) <ika...@google.com> wrote: > Yep. Datastore call and possibly Memcache (usually when someone is banned > they stay banned). > A optimization here would to cache something like a bloom filter > (http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bloom+filter) in > local memory, and if a user hashes to "in the set", check again to the > datastore. This will work well because the false positives/banned users will > be a VERY small percentage of your total user base, and it saves you the > hassle of having to check each time. The only trick is expiring that cache: > you might want the cache to expire every 5-10 minutes or so, which means a > banned user isn't actually banned for that window. Also - since instances > don't share memory, it's possible for instances to be out of sync from one > another during that window. > > -- > Ikai Lan > Developer Programs Engineer, Google App Engine > plus.ikailan.com | twitter.com/ikai > > > On Tue, Aug 16, 2011 at 11:15 AM, Renan Mobile <renanfra...@renanmobile.com> > wrote: >> >> Hello, >> >> I didn't figure out another way. So i check if the user is ban in each RPC >> call >> >> Atenciosamente, >> >> ----- >> Presidente Renan Franca >> ____ >> Renan Mobile ltda: http://renanmobile.com - Soluções em Dispositivos >> Móveis (Smartphones) com integração via web. >> Soluções em: >> Android (Smartphones); >> Google Web Toolkit (Web); >> >> >> >> 2011/8/15 Rohan Chandiramani <masterxr...@gmail.com> >>> >>> Greetings gentlemen, >>> I haven't found ANY articles either here or on SO >>> about discussing methods of keeping the bad people out of your app, so i'l >>> just ask it here. >>> I want to be able to press a button that will ban the user >>> from accessing my app and the most straightforward thing i can think of is >>> on my one and only RPC call also check if the user is banned by checking my >>> 'banned' table. >>> but... >>> This costs me a database call each time. >>> So i'm wondering, how do all the cool developers handle this problem? >>> Like what i'm suggesting or is there a some secret api that handles it >>> for me. >>> I'm not asking my users to log in. >>> Thanks, >>> Rohan >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Google App Engine for Java" group. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msg/google-appengine-java/-/67aKbQA64PoJ. >>> To post to this group, send email to >>> google-appengine-java@googlegroups.com. >>> To unsubscribe from this group, send email to >>> google-appengine-java+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/google-appengine-java?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine for Java" group. >> To post to this group, send email to >> google-appengine-java@googlegroups.com. >> To unsubscribe from this group, send email to >> google-appengine-java+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/google-appengine-java?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to google-appengine-java@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine-java+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > -- inc: http://ars-machina.raphaelbauer.com tech: http://ars-codia.raphaelbauer.com web: http://raphaelbauer.com -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
