Question Follow up from Chicago Code Camp

One of the questions I had at the Chicago Code Camp in my Google App Engine presentation was about permissions on deleting values from table storage. In GAE, each item in the datastore has a globally unique key-absolutely unique across all entities in your application and, I believe, unique across all objects. The question was this: if I figure out an ID of your objects, can I cause a delete from a second GAE application?

Fortunately, no. At the time of this writing, I have an object (a picture) whose ID is ahJzc2VlbHktc2lsdmVybGlnaHRyDwsSCUltYWdlRmlsZRgCDA. I tried deleting that exact ID from a different application. The delete failed. So, the delete would only work if it comes from the application in question. That’s what I hoped happened, and it does.

Thanks for the great question!

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: