In the documentation, it says... "Treat the token returned by create_channel() as a secret. If a malicious application gains access to the token, it could listen to messages sent along the channel you are using."[1]
and then the following section proceeds to say... "Only one client at a time can connect to a channel using a given Client ID, so an application cannot use a Client ID for fan-out. In other words, it's not possible to create a central Client ID for connections to multiple clients (For example, you can't create a Client ID for something like a "global-high-scores" channel and use it to broadcast to multiple game clients.)"[2] If someone else gets the token so it can also "listen" to the messages being sent along the channel, what is stopping me from *legitimately* giving the same token to multiple users so they can all "listen" to the same channel? Thanks! 1 http://code.google.com/appengine/docs/python/channel/overview.html#Tokens_and_Security 2 http://code.google.com/appengine/docs/python/channel/overview.html#Caveats -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
