Guessability could be a problem if guessing a URL might allow someone access to something that should be hidden, or if it would allow someone to trawl through your entire datastore for some reason (e.g. to crawl it, costing you resources).
If you secure your pages anyway, or if you're happy to be crawled, guessability might not be an issue. cheers Michael On Feb 12, 2:32 pm, Andrew Badera <[email protected]> wrote: > Avoid sequential keys, use something like a GUID or UUID, nonce values, etc. > etc. > > Thanks- > - Andy Badera > - [email protected] > - (518) 641-1280 > - Tech Valley Code Camp 2009.1:http://www.techvalleycodecamp.com/ > - Google me:http://www.google.com/search?q=andrew+badera > > On Thu, Feb 12, 2009 at 9:27 AM, warreninaustintexas < > > [email protected]> wrote: > > > I'm using entity keys in the URL of my app. According to the App > > Engine documentation: "While string-encoded key values are safe to > > include in URLs, an application should only do so if key guessability > > is not an issue." > > >http://code.google.com/appengine/docs/python/datastore/keyclass.html#Key > > > How exactly do I know if guessability is an issue with my app? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
