Is it random value? Or, can user extract some data from this value?
Asked
Active
Viewed 388 times
1
-
2 reasons why I wouldn't ask or wouldn't answer the question: unwise for app design, unwise for GAE security. – topchef Oct 26 '11 at 11:51
-
@topchef, I could agree with second part, but wouldn't agree with first ;) - I should understand if I can use this as part of url - whether user can extract something more from this or not. – LA_ Oct 26 '11 at 13:29
-
@LA - then we talk about just 2d part all together. Accidentally, I just had conversation with one the clients of the software I maintain the other day, who asked why we don't expose internal keys in our UI model (in MVC) while we heavily use it in URLs. I couldn't think of any valid reason except why we don't: they have no meaning for the customer and we offer unique ids that carry business semantic as well as identity. And since I am in no position to give hackers any extra chances I resist to expose those keys just because I can. – topchef Oct 26 '11 at 15:17
1 Answers
3
a datastore key consists of a kind, a string name or integer id, and an optional parent entity path (docs). all of those are user-specified except the id, so i assume that's what you're asking about.
ids are allocated based on simple integer counters that start at 0. currently, in a given app, all root entities share a single counter, and non-root entities share a counter within their entity group. over the long term, ids from a given counter will increase, but datastore servers reserve ids in batches, so you'll often see ids increase and decrease over the short term.
more details: http://groups.google.com/group/google-appengine/browse_thread/thread/dec83c2dbd9542e4#f495648c988d758c
(as to the security question, none of app engine's security depends on keeping this id allocation mechanism secret. you might want to read up on why security through obscurity is generally considered a Bad Thing. :P)
ryan
- 2,687
- 1
- 29
- 38