IMHO passing clear ids as text in urls is not a good idea because anything a hacker can gleam about data is opening up a can of worms that they could use to try to exploit your site and even corrupt your data. I'd look to encrypt the id or at least apply a hash such as base64 at a a minimum to obfuscate the actual id. While base64 wont deter a committed hacker it will deter many malcontents who will move on to easier pickings. Best if you can, generate an encrypted id on the server and pass that back via the url from the client.
On Thu, Jan 27, 2011 at 1:06 PM, tobik <[email protected]> wrote: > Great, thanks. > > On 27 led, 16:06, Geoffrey Spear <[email protected]> wrote: > > On Thursday, January 27, 2011 2:52:48 AM UTC-5, tobik wrote: > > > > > Thank you! That's what I wanted to know. > > > > > So basically passing Keys in urls is not a good idea, but using pure > > > IDs and Model.get_by_id() should be secure enough. Or am I wrong? I > > > tried to get access to data across namespaces but it ended up with > > > request error. So it worked as expected. > > > > Yes; IDs are only unique within a namespace, entity group, and kind, so > > passing an ID from one namespace to an instance using a different > namespace > > will either get you a different entity from the calling instance's > namespace > > or nothing, never the entity in the original namespace. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- *Jeff Schwartz* -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
