Since appId is generated by the container and not the gadget, and since there's a 1:1 relationship between a container and its persistent store, how is it possible for one gadget to overwrite another gadget's data?
-----Original Message----- From: Jordan Zimmerman [mailto:[email protected]] Sent: Friday, January 16, 2009 5:26 PM To: [email protected] Subject: RE: appId in service APIs >> Does Shindig do appId validation for the various service APIs >> (AppDataService, etc.) or do I need to do it? I'm concerned about >> security and App A accessing/overwriting App B's data. > >You need to do it yourself. From shindig's point of view, appId is >just an opaque string. How are others handling this? I don't know how the appId is generated but it seems that there's nothing stopping App A from accessing/overwriting App B's data. Jordan Zimmerman Principal Software Architect 831.647.4712 831.214.2990 (cell) [email protected] SHOP*COMTM All your favorite stores. OneCart(r) convenience. www.shop.com This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
