On Apr 7, 5:18 pm, "Nick Johnson (Google)" <nick.john...@google.com> wrote: > Hi Dhruv, > > While this is an interesting project, providing direct access to the > datastore from client-side code has very serious security implications. Any > user can manipulate your data in any way, exposing private user data, > modifying data, or erasing it.
Hello Nick, I agree with you. Any app. that uses this, would have to hook onto every datastore URL request(put_entity/get_entity, etc..) and check the credentials of the requester. That alone would not be sufficient since anyone (authenticated user) could potentially query the datastore and get any user's details out. So, I am guessing this isn't good to store user details, but for implementing something that doesn't require authentication like an etherpad (not quite since I guess the etherpad URL is known only to the creator and people he/she shares it with), it could probably be worked out. Either ways, I thought of doing this as an exercise in javascript and a tool that provides a low entry barrier for anyone who wnats to learn about the appengine datastore and try things out themselves without going through the rigmarole (not quite the word I was looking for since you guys have made it _really_ simple to deploy apps; +1 to the appengine team!!) of creating a sample app. Regards, -Dhruv. > > -Nick Johnson > > > > On Wed, Apr 7, 2010 at 6:02 AM, dhruvbird <dhruvb...@gmail.com> wrote: > > Hello all, > > I was just trying out some stuff and managed to get data store query > > working from javascript on the browser.http://gaequery.appspot.com/ > > So, I made an appspot app. for demonstrating that. You can now write > > applications entirely in Javascript(with custom server side code for > > auth. and security), and write all your CRUD in Javascript on the > > browser itself. > > > Regards, > > -Dhruv. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to google-appeng...@googlegroups.com. > > To unsubscribe from this group, send email to > > google-appengine+unsubscr...@googlegroups.com<google-appengine%2bunsubscr...@googlegroups.com> > > . > > For more options, visit this group at > >http://groups.google.com/group/google-appengine?hl=en. > > -- > Nick Johnson, Developer Programs Engineer, App Engine Google Ireland Ltd. :: > Registered in Dublin, Ireland, Registration Number: 368047 > Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: > 368047 -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
