You can get the IP address of the client using self.request.remote_addr. When verifying this remember to handle IPV6 addresses too, or you'll have problems soon - I'm starting to see IPV6 addresses already.
If there is any risk attached with access to the app, (e.g. personal or commercially sensitive data), you would be very wise to authenticate requests, as well as checking IP address. Secure authentication requires two requests - obviously a single request including a password/token in your request is very insecure because a listener can see the password/token and then replicate the request. However two requests are not ideal for a web service - it requires session handling and it doubles the latency. I have a neat solution for this - contact me directly if you'd like more information. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
