That explanation was perfect. Thanks, Uros!

--
Ikai Lan
Developer Programs Engineer, Google App Engine
Blogger: http://googleappengine.blogspot.com
Reddit: http://www.reddit.com/r/appengine
Twitter: http://twitter.com/app_engine

On Wed, Jan 26, 2011 at 4:37 PM, Uros Trebec <[email protected]> wrote:

> If you read about the Key class (http://code.google.com/intl/cs/appengine/docs/python/datastore/keyclass.html) you'll come across the fact that Key is defined by a few values: appid, kind, id/name, namespace, parent, etc.
>
> You would think that this is all good and well until you come to the fact that you can get the Key object encoded into a string which can be passed around the application (helpful when you're doing some stuff with TaskQueues). Now, sometimes it is useful to use the encoded key as a reference to something in a GET/POST request from the client. There's nothing wrong with that if you don't use the namespaces. However, when namespaces are used to separate the objects in the Datastore and you rely on the fact that the namespace_manager will manage the namespace for queries, things get complicated.
>
> See, the encoded key can be decoded directly to a Key object and as such can have the namespace value defined. This means that if you use this Key to fetch an object from the Datastore, the fetched object might be from a namespace other than the one currently defined in the namespace_manager and should not be accessible. This is a potential vulnerability if you do not validate the namespace in the Key before using it.
>
> Did I get this right?
>
> Regards,
> Uros
>
> On Jan 26, 10:09 pm, tobik <[email protected]> wrote:
> > Google mentions some vulnerabilities when working with Namespaces:
> >
> > Note: An application that reads Keys, or other namespace-aware objects, from untrusted sources (like the web browser client) introduces security vulnerabilities. Applications that rely on keys from untrusted sources must incorporate a security layer verifying that the current user is authorized to access the requested namespace.
> > http://code.google.com/intl/cs/appengine/docs/python/multitenancy/mul...
> >
> > I'm not sure if I understand it correctly. What kind of vulnerabilities does Google mean? Could you provide me some example, what should I be careful about?
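
The namespace check described in the quoted explanation, as an added example that is not part of the original thread or of the App Engine SDK. The `Key` class, the `DATASTORE` dict and the tenant names are constructed stand-ins so the block runs offline; in the SDK the comparison would be between the decoded key's `namespace()` and `namespace_manager.get_namespace()`.

```python
import base64
import json

# Constructed stand-in for the Datastore: entities live under (namespace, kind, id).
DATASTORE = {
    ("tenant-a", "Invoice", 1): {"total": 120},
    ("tenant-b", "Invoice", 1): {"total": 9000},
}


class NamespaceMismatch(Exception):
    """Raised when a supplied key points outside the request's namespace."""


class Key(object):
    """Toy key (assumption, not db.Key) that carries its own namespace."""

    def __init__(self, namespace, kind, id_):
        self.namespace, self.kind, self.id = namespace, kind, id_

    def encode(self):
        raw = json.dumps([self.namespace, self.kind, self.id]).encode("utf-8")
        return base64.urlsafe_b64encode(raw).decode("ascii")

    @classmethod
    def decode(cls, encoded):
        try:
            raw = base64.urlsafe_b64decode(encoded.encode("ascii"))
            namespace, kind, id_ = json.loads(raw)
        except (ValueError, TypeError):
            raise ValueError("malformed key")
        return cls(namespace, kind, id_)


def fetch_unchecked(encoded):
    """Before: the namespace inside the client-supplied key decides what is read."""
    key = Key.decode(encoded)
    return DATASTORE.get((key.namespace, key.kind, key.id))


def fetch_checked(encoded, current_namespace):
    """After: the key is rejected unless its namespace is the request's namespace."""
    key = Key.decode(encoded)
    if key.namespace != current_namespace:
        raise NamespaceMismatch("key namespace does not match request namespace")
    return DATASTORE.get((key.namespace, key.kind, key.id))
```
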
