Raphael, the issue here is that he wants to maintain a blacklist. -- Ikai Lan Developer Programs Engineer, Google App Engine plus.ikailan.com | twitter.com/ikai
On Wed, Aug 17, 2011 at 12:43 AM, Raphael André Bauer < [email protected]> wrote: > What about that: > "Security and Authentication" > at > http://code.google.com/intl/de-DE/appengine/docs/java/config/webxml.html > > No server calls needed if you are ok with Google based > authentification... Works for all resources (RPCs included).. > > Best, > > Raphael > > On Tue, Aug 16, 2011 at 10:51 PM, Ikai Lan (Google) <[email protected]> > wrote: > > Yep. Datastore call and possibly Memcache (usually when someone is banned > > they stay banned). > > A optimization here would to cache something like a bloom filter > > (http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bloom+filter) > in > > local memory, and if a user hashes to "in the set", check again to the > > datastore. This will work well because the false positives/banned users > will > > be a VERY small percentage of your total user base, and it saves you the > > hassle of having to check each time. The only trick is expiring that > cache: > > you might want the cache to expire every 5-10 minutes or so, which means > a > > banned user isn't actually banned for that window. Also - since instances > > don't share memory, it's possible for instances to be out of sync from > one > > another during that window. > > > > -- > > Ikai Lan > > Developer Programs Engineer, Google App Engine > > plus.ikailan.com | twitter.com/ikai > > > > > > On Tue, Aug 16, 2011 at 11:15 AM, Renan Mobile < > [email protected]> > > wrote: > >> > >> Hello, > >> > >> I didn't figure out another way. So i check if the user is ban in each > RPC > >> call > >> > >> Atenciosamente, > >> > >> ----- > >> Presidente Renan Franca > >> ____ > >> Renan Mobile ltda: http://renanmobile.com - Soluções em Dispositivos > >> Móveis (Smartphones) com integração via web. > >> Soluções em: > >> Android (Smartphones); > >> Google Web Toolkit (Web); > >> > >> > >> > >> 2011/8/15 Rohan Chandiramani <[email protected]> > >>> > >>> Greetings gentlemen, > >>> I haven't found ANY articles either here or on SO > >>> about discussing methods of keeping the bad people out of your app, so > i'l > >>> just ask it here. > >>> I want to be able to press a button that will ban the user > >>> from accessing my app and the most straightforward thing i can think of > is > >>> on my one and only RPC call also check if the user is banned by > checking my > >>> 'banned' table. > >>> but... > >>> This costs me a database call each time. > >>> So i'm wondering, how do all the cool developers handle this problem? > >>> Like what i'm suggesting or is there a some secret api that handles it > >>> for me. > >>> I'm not asking my users to log in. > >>> Thanks, > >>> Rohan > >>> > >>> -- > >>> You received this message because you are subscribed to the Google > Groups > >>> "Google App Engine for Java" group. > >>> To view this discussion on the web visit > >>> https://groups.google.com/d/msg/google-appengine-java/-/67aKbQA64PoJ. > >>> To post to this group, send email to > >>> [email protected]. > >>> To unsubscribe from this group, send email to > >>> [email protected]. > >>> For more options, visit this group at > >>> http://groups.google.com/group/google-appengine-java?hl=en. > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Google App Engine for Java" group. > >> To post to this group, send email to > >> [email protected]. > >> To unsubscribe from this group, send email to > >> [email protected]. > >> For more options, visit this group at > >> http://groups.google.com/group/google-appengine-java?hl=en. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine for Java" group. > > To post to this group, send email to > [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/google-appengine-java?hl=en. > > > > > > -- > inc: http://ars-machina.raphaelbauer.com > tech: http://ars-codia.raphaelbauer.com > web: http://raphaelbauer.com > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
