Hi Christian. Remember the data in datastore is schemaless which means there's no clue of how data is stored. so, if someone gets inside your application he needs to know the declaration of the entity or at least how the POJO is structured in order to know how to get the data.
In python, for example, when you use the tools for manipulating/ connecting to the data in your app, you need to have a exporter/loader class thus if you don't know how entities are structured the tool will retrieve errors instead of data and even the tool is not going to allow you to connect. unless you give the intruder the declaration of the POJOs or entities in your data store. Besides, you can control, the flow of data, by implementing a module which resolve and process all the request to the datastore and you can use authentication and that's all, simple and effective. Rgds. R On Jun 1, 3:43 pm, "Ikai L (Google)" <ika...@google.com> wrote: > Here's a white paper about Google Apps security: > > http://static.googleusercontent.com/external_content/untrusted_dlcp/w... > > <http://static.googleusercontent.com/external_content/untrusted_dlcp/w...>You'll > find many of the same topics apply with regards to App Engine, though we > have not yet published an App Engine specific security whitepaper. We'll > maintain the same physical and electronic security guarantees of security > for your data, however, ultimately it'll be up to you to write your > application in a secure fashion (prevent XSS attacks, educate users about > phishing, logically segment data, etc). > > On Mon, May 31, 2010 at 9:38 AM, Christian Goudreau < > > > > goudreau.christ...@gmail.com> wrote: > > I want to understand exactly how data that I send into data store are > > secured, the limitation and what is the guarantee if someone brakes in and > > steel some personnal informations about a member ? > > > I want to build a small a application for a small business that store a lot > > of informations about their members. Those informations are sensitive and I > > was wondering how am I protected. > > > Thanks > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine for Java" group. > > To post to this group, send email to > > google-appengine-j...@googlegroups.com. > > To unsubscribe from this group, send email to > > google-appengine-java+unsubscr...@googlegroups.com<google-appengine-java%2bunsubscr...@googlegroups.com> > > . > > For more options, visit this group at > >http://groups.google.com/group/google-appengine-java?hl=en. > > -- > Ikai Lan > Developer Programs Engineer, Google App Engine > Blog:http://googleappengine.blogspot.com > Twitter:http://twitter.com/app_engine > Reddit:http://www.reddit.com/r/appengine -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
