I would suggest that rather than using "<email> + "<somethingelse>" as your
key names, you use F("<email>" + "<somethingelse>") where F is either an
encryption function or a one-way hash function. You can use the javax.crypt
package for this purpose.
Alternatively, you could implement your own Key -> String conversion routine
in place of KeyFactory.keyToString() and implement the encryption at that
level.
On Mon, Oct 26, 2009 at 2:10 PM, victor <victoraco...@gmail.com> wrote:
>
> I use the com.google.appengine.api.datastore.Key as primary keys to my
> datastore and part of the Key generation strategy is to use an e-mail:
> Key ret = KeyFactory.createKey(<email> + <somethingelse>)
>
> This generated key is then exposed to the browser via
> KeyFactory.keyToString.
>
> My concern is more on the privacy side. This serialized key could
> easily be converted back to its original form by somebody cut and
> pasting this key and running the following in their local machine:
> Key ret = KeyFactory.stringToKey(<cut and pasted code from the
> browser>)
>
> --thus exposing the e-mail from the key.
>
> My question is, is there a way for Google App Engine to make the
> "KeyFactory.stringToKey" only work to return the proper key if it is
> executed from the app where the data store is running from?
>
> Thanks again,
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-java@googlegroups.com
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en
-~----------~----~----~----~------~----~------~--~---
