Brian, If you plan on storing the key in a file, I would suggest using the svn:ignore feature: http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.advanced.props.special.ignore
You can tell svn to not check in any file that matches your private filename. Just let your collaborators know they're supposed to add their version of the private file after svn checkout. -Bill On Jan 23, 8:21 pm, thebrianschott <[email protected]> wrote: > Dave, > > Thank you for clarifying that. I guess I would have to put the key > into the datastore, but that may not be practical for me either. I > have not decided yet how much access to the datastore I will give > users of my app, yet. I don't think they need any, but I cannot be > sure now. > > In any case, thanks again for sticking with this discussion. > > On Jan 23, 6:51 pm, David Symonds <[email protected]> wrote: > > > On Sat, Jan 24, 2009 at 7:41 AM, thebrianschott <[email protected]> > > wrote: > > > I think I can save my secretkeyin a static file that is not "add"ed > > > to the svn and I was told by David that everything (source, etc) is > > > secreat that is committed to the appspot. So as long as the static > > > file is not "add"ed to the svn, it's secure, isn't it? > > > If it's in a static place (i.e. you use static_files or static_dir > > directives in app.yaml), it'll be accessible by any web user. Nothing > > else is directly accessible, though, so you'd be fine. > > > Dave. > > Brian in Atlanta --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
