Hi,

For some reason my application handles OpenID accounts with the same
email as one user. It means that when I try to access datastore
entities by the User field of a new user, it also gets the entities of
all other users with the same email.

Is the User object the same as the email? The Python documentation says: "User
instances are unique and comparable. If two instances are equal, then
they represent the same user." (but I use Java).

I think I'm doing something wrong here:

 Query query = pm.newQuery(Subscriber.class, "user == userParam");
 query.declareImports("import com.google.appengine.api.users.User");
 query.declareParameters("User userParam");

 @SuppressWarnings("unchecked")
 List<Subscriber> results = (List<Subscriber>) query.execute(user);
 if (results.size()!=0)
    Logger.log("User logged in", results.iterator().next().getId());

?

With this problem, using OpenID is very unsafe. Anybody can create an
OpenID account with any email (for example with myOpenID), without
email verification, and then log in to my application and get data
related to all Users with this email.

I believe I'm doing something wrong, so I really hope someone will
open my eyes.

Thanks,
Best Regards.
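
The collision described in the post, as an added example that is not the poster's code and does not use the App Engine API: a lookup keyed on the provider-asserted email matches every account sharing that email, while a lookup keyed on the OpenID claimed identifier matches one. The class, field and method names and the sample rows are hypothetical and constructed; it assumes the provider supplies a stable per-account identifier.

```java
import java.util.ArrayList;
import java.util.List;

public class SubscriberLookupDemo {
    // Hypothetical stand-in for a stored subscriber entity.
    static final class Subscriber {
        final long id;
        final String claimedId; // OpenID claimed identifier, assumed stable per account
        final String email;     // attribute asserted by the provider, possibly unverified
        Subscriber(long id, String claimedId, String email) {
            this.id = id; this.claimedId = claimedId; this.email = email;
        }
    }

    static final List<Subscriber> STORE = new ArrayList<>();

    // Weak form: identity is the email, so unrelated accounts with the same email merge.
    static List<Subscriber> findByEmail(String email) {
        List<Subscriber> out = new ArrayList<>();
        for (Subscriber s : STORE) {
            if (s.email.equalsIgnoreCase(email)) out.add(s);
        }
        return out;
    }

    // Hardened form: identity is the claimed identifier; the email is only profile data.
    static List<Subscriber> findByClaimedId(String claimedId) {
        if (claimedId == null || claimedId.trim().isEmpty()) {
            // Refuse rather than fall back to the email when no identifier is present.
            throw new IllegalArgumentException("no claimed identifier for this login");
        }
        List<Subscriber> out = new ArrayList<>();
        for (Subscriber s : STORE) {
            if (claimedId.equals(s.claimedId)) out.add(s);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample rows: two different OpenID accounts asserting one email.
        STORE.add(new Subscriber(1, "https://provider-a.example/alice", "alice@example.com"));
        STORE.add(new Subscriber(2, "https://provider-b.example/other", "alice@example.com"));

        System.out.println("by email: " + findByEmail("alice@example.com").size() + " match(es)");
        System.out.println("by claimed id: "
                + findByClaimedId("https://provider-b.example/other").size() + " match(es)");
    }
}
```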
