I would use the key's id and not the full key which contains too much
private information. Also, at a minimum, convert the id to base64 url
friendly. It won't stop a committed hacker but it will offer some
obfuscation. You could use a stronger encryption than base64 of course as
base64 is easy to decrypt.

On Mon, Jul 12, 2010 at 3:42 PM, Felippe Bueno <felippe.bu...@gmail.com> wrote:

> Hi,
>
> I'm using python/django and I'm planning to use the following URL design:
>
> /application/edit/content/KEY/
>
> where KEY is the datastore key of 'content'.
>
> Ex:
> /application/edit/content/aghlcHVicHViMnILCxIFSXNzdWUYHww/
>
> Is there any security problem?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To post to this group, send email to google-appeng...@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>
>


-- 
--
Jeff
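
What the full key in the question exposes, as an added example that is not part of the original thread: the urlsafe key is unpadded base64url over a protobuf, so anyone holding the URL can read the application id, kind and numeric id from it. The function names are hypothetical, and the field numbers (13 app, 14 path, 20 namespace; element fields 2 kind, 3 id, 4 name) are the legacy App Engine key layout as assumed here.

```python
import base64

def _varint(buf, pos):
    """Read one protobuf varint; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def _fields(buf):
    """Yield (field_number, wire_type, value) for each protobuf field."""
    pos = 0
    while pos < len(buf):
        tag, pos = _varint(buf, pos)
        field, wire, value = tag >> 3, tag & 7, None
        if wire == 0:                      # varint
            value, pos = _varint(buf, pos)
        elif wire == 2:                    # length-delimited bytes
            size, pos = _varint(buf, pos)
            value, pos = buf[pos:pos + size], pos + size
        elif wire not in (3, 4):           # 3/4 = group start/end, no payload
            raise ValueError("unexpected wire type %d" % wire)
        yield field, wire, value

def decode_urlsafe_key(urlsafe):
    """Return the app id, namespace and (kind, id/name) path inside a key."""
    raw = base64.urlsafe_b64decode(urlsafe + "=" * (-len(urlsafe) % 4))
    key, elem = {"app": None, "namespace": None, "path": []}, {}
    for field, _, value in _fields(raw):
        if field == 13:
            key["app"] = value.decode()
        elif field == 20:
            key["namespace"] = value.decode()
        elif field == 14:                  # Path: repeated Element groups
            for f, wire, v in _fields(value):
                if f == 1 and wire == 3:   # group start: new path element
                    elem = {}
                elif f == 1 and wire == 4: # group end: element complete
                    key["path"].append(elem)
                elif f in (2, 4):
                    elem["kind" if f == 2 else "name"] = v.decode()
                elif f == 3:
                    elem["id"] = v
    return key
```

Run on the key from the question, this returns app `epubpub2`, kind `Issue` and id 31. Since the decoding needs no secret, the edit view still has to verify that the requesting user is allowed to modify that entity.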
