I think Eli makes some very good points. One small follow on: To keep it simple, you might just divide the key string in half, and put the first half in code and the second half in the datastore. You could use some encryption as Eli suggests, but if someone has access to your code and datastore, it would probably be trivial for them to run the decryption code so that extra hassle doesn't seem to buy much more security. On the other hand running that decryption code could be the little bit of effort that holds them back. It's all just your choice of effort to make it hard vs. how much protection that buys you.
-- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
