Hi, For some reason my application handles OpenID accounts with same emails as one user. It means when I try to access datastore entities with User field of new user it also gets entities of all other users with the same email.
Is User object same as email? Pythod documentation says: "User instances are unique and comparable. If two instances are equal, then they represent the same user." (but I use Java). I think I'm doing something wrong here: Query query = pm.newQuery(Subscriber.class, "user == userParam"); query.declareImports("import com.google.appengine.api.users.User"); query.declareParameters("User userParam"); @SuppressWarnings("unchecked") List<Subscriber> results = (List<Subscriber>) query.execute(user); if (results.size()!=0) Logger.log("User logged in", results.iterator().next().getId()); ? With this problem using OpenID is very unsafe. Anybody can create an OpenID account with any email (for example with myOpenID), without email verification, and then log in to my application and get data related to all Users with this email. I believe I'm doing something wrong, so I'll really hope someone will open my eyes. Thanks, Best Regards. -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.