Thank you! That's what I wanted to know.

So basically passing Keys in URLs is not a good idea, but using pure
IDs and Model.get_by_id() should be secure enough. Or am I wrong? I
tried to get access to data across namespaces, but it ended up with
a request error. So it worked as expected.


On 27 Jan, 01:37, Uros Trebec <[email protected]> wrote:
> If you read about the Key class
> (http://code.google.com/intl/cs/appengine/docs/python/datastore/keyclass.html)
> you'll come across the fact that Key is defined by a few values:
> appid, kind, id/name, namespace, parent, etc.
> You would think that this is all good and well until you come to the
> fact that you can get the Key object encoded into a string which can
> be passed around the application (helpful when you're doing some stuff
> with TaskQueues). Now, sometimes it is useful to use the encoded key
> as a reference to something in a GET/POST request from the client.
> There's nothing wrong with that if you don't use the namespaces.
> However, when namespaces are used to separate the objects in the
> Datastore and you rely on the fact that the namespace_manager will
> manage the namespace for queries, things get complicated.
>
> See, the encoded key can be decoded directly to a Key object and as
> such can have the namespace value defined. This means that if you use
> this Key to fetch an object from the Datastore, the fetched object
> might be from a different namespace than the one currently defined in
> the namespace_manager and should not be accessible. This is a potential
> vulnerability if you do not validate the namespace in the Key before
> using it.
>
> Did I get this right?
>
> Regards,
> Uros
>
> On Jan 26, 10:09 pm, tobik <[email protected]> wrote:
>
> > Google mentions some vulnerabilities when working with Namespaces:
>
> > Note: An application that reads Keys, or other namespace-aware
> > objects, from untrusted sources (like the web browser client)
> > introduces security vulnerabilities. Applications that rely on keys
> > from untrusted sources must incorporate a security layer verifying
> > that the current user is authorized to access the requested
> > namespace.
> > http://code.google.com/intl/cs/appengine/docs/python/multitenancy/mul...
>
> > I'm not sure if I understand it correctly. What kind of
> > vulnerabilities does Google mean? Could you provide me with some
> > example of what I should be careful about?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
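
An added example, not part of the original thread and not App Engine code: a self-contained Python model of the issue discussed above, showing a client-supplied encoded key crossing namespaces, the namespace check that stops it, and the ID-only lookup. `STORE`, `encode_key`, `decode_key` and the tenant names are constructed stand-ins for the Datastore and its encoded Key, not the SDK's API.

```python
import base64
import json

# Constructed stand-in for the Datastore: entities stored per (namespace, kind, id).
STORE = {
    ("tenant-a", "Invoice", 1): "A's invoice",
    ("tenant-b", "Invoice", 1): "B's invoice",
}


class NamespaceMismatch(Exception):
    """Raised when a client-supplied key points outside the request's namespace."""


def encode_key(namespace, kind, id_):
    """Stand-in for an encoded Key: the namespace travels inside the string."""
    raw = json.dumps([namespace, kind, id_]).encode()
    return base64.urlsafe_b64encode(raw).decode()


def decode_key(encoded):
    """Stand-in for decoding: returns the (namespace, kind, id) the sender embedded."""
    namespace, kind, id_ = json.loads(base64.urlsafe_b64decode(encoded))
    return namespace, kind, id_


def get_unchecked(encoded, current_namespace):
    """Pattern from the thread: the decoded key wins, current_namespace is ignored."""
    return STORE.get(decode_key(encoded))


def get_checked(encoded, current_namespace):
    """Mitigation from the thread: validate the key's namespace before using it."""
    namespace, kind, id_ = decode_key(encoded)
    if namespace != current_namespace:
        raise NamespaceMismatch("key is outside namespace %r" % current_namespace)
    return STORE.get((namespace, kind, id_))


def get_by_id(kind, id_, current_namespace):
    """ID-only lookup: the namespace comes from the server, never from the client."""
    return STORE.get((current_namespace, kind, int(id_)))
```
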