[google-appengine] Re: Please define "guessability"

2009-02-12 Thread Andrew Badera
Avoid sequential keys, use something like a GUID or UUID, nonce values, etc. etc.
Thanks-
- Andy Badera
- and...@badera.us
- (518) 641-1280
- Tech Valley Code Camp 2009.1: http://www.techvalleycodecamp.com/
- Google me: http://www.google.com/search?q=andrew+badera
On Thu, Feb 12, 2009 at 9:27 A

[google-appengine] Re: Please define "guessability"

2009-02-12 Thread Michael O'Brien
Guessability could be a problem if guessing a URL might allow someone access to something that should be hidden, or if it would allow someone to trawl through your entire datastore for some reason (e.g. to crawl it, costing you resources). If you secure your pages anyway, or if you're happy to be

[google-appengine] Re: Please define "guessability"

2009-02-12 Thread warreninaustintexas
Okay. Thanks for the response. So my interpretation of the App Engine documentation is this: "If you use the default App Engine key values, they are safe to include in URLs. If you use your own key generation algorithm, you will have to either (1) safeguard your app from people guessing keys,

[google-appengine] Re: Please define "guessability"

2009-02-12 Thread Michael O'Brien
Oops, not quite. The default appengine keys are essentially a couple of values, combined and base64-encoded. So the string of letters and numbers you see might actually be ["Customer", 123] when decoded. For this reason, they're just as guessable as keys you make yourself. If guessability is a pr

[google-appengine] Re: Please define "guessability"

2009-02-12 Thread warreninaustintexas
Awesome - thank you. That's exactly the information that I was looking for.
On Feb 12, 10:40 am, "Michael O'Brien" wrote:
> oops, not quite. The default appengine keys are essentially a couple
> of values, combined and base64-encoded. So the string of letters and
> numbers you see might actuall