I use the com.google.appengine.api.datastore.Key as primary keys to my datastore and part of the Key generation strategy is to use an e-mail: Key ret = KeyFactory.createKey(<email> + <somethingelse>)
This generated key is then exposed to the browser via KeyFactory.keyToString. My concern is more on the privacy side. This serialized key could easily be converted back to its original form by somebody cut and pasting this key and running the following in their local machine: Key ret = KeyFactory.stringToKey(<cut and pasted code from the browser>) --thus exposing the e-mail from the key. My question is, is there a way for Google App Engine to make the "KeyFactory.stringToKey" only work to return the proper key if it is executed from the app where the data store is running from? Thanks again, --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en -~----------~----~----~----~------~----~------~--~---