I would suggest that rather than using "<email> + "<somethingelse>" as your key names, you use F("<email>" + "<somethingelse>") where F is either an encryption function or a one-way hash function. You can use the javax.crypt package for this purpose.
Alternatively, you could implement your own Key -> String conversion routine in place of KeyFactory.keyToString() and implement the encryption at that level. On Mon, Oct 26, 2009 at 2:10 PM, victor <victoraco...@gmail.com> wrote: > > I use the com.google.appengine.api.datastore.Key as primary keys to my > datastore and part of the Key generation strategy is to use an e-mail: > Key ret = KeyFactory.createKey(<email> + <somethingelse>) > > This generated key is then exposed to the browser via > KeyFactory.keyToString. > > My concern is more on the privacy side. This serialized key could > easily be converted back to its original form by somebody cut and > pasting this key and running the following in their local machine: > Key ret = KeyFactory.stringToKey(<cut and pasted code from the > browser>) > > --thus exposing the e-mail from the key. > > My question is, is there a way for Google App Engine to make the > "KeyFactory.stringToKey" only work to return the proper key if it is > executed from the app where the data store is running from? > > Thanks again, > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en -~----------~----~----~----~------~----~------~--~---