Hello, to compare Users the only safe field is the unique User ID that is exposed via getUserId() method.
http://code.google.com/appengine/docs/java/users/overview.html#Accessing_Account_Information Also getFederatedIdentity() could be a good bet, but documentation recommends using the identifier. I only use the email field after the user has been logged in, and restricting to Google as a provider. This should be safe enough. I think the only way to group accounts is to use IDs and set up an external verification like SMS or email confirmation. Regards Lorenzo On Oct 24, 10:04 pm, trustamli <mc2...@gmail.com> wrote: > Hi, > > For some reason my application handles OpenID accounts with same > emails as one user. It means when I try to > access datastore entities with User field of new user it also gets > entities of all other users with the same email. > > Is User object same as email? Pythod documentation says: "User > instances are unique and comparable. If two instances are equal, then > they represent the same user." (but I use Java). > > I think I'm doing something wrong here: > > Query query = pm.newQuery(Subscriber.class, "user == userParam"); > query.declareImports("import com.google.appengine.api.users.User"); > query.declareParameters("User userParam"); > > �...@suppresswarnings("unchecked") > List<Subscriber> results = (List<Subscriber>) query.execute(user); > if (results.size()!=0) > Logger.log("User logged in", results.iterator().next().getId()); > > ? > > With this problem using OpenID is very unsafe. Anybody can create an > OpenID account with any email (for example with myOpenID), without > email verification, and then log in to my application and get data > related to all Users with this email. > > I believe I'm doing something wrong, so I'll really hope someone will > open my eyes. > > Thanks, > Best Regards. -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
