java - Google App Engine - Uploading blobs and authentication -

-

(i tried asking on gae forums didn't answer trying here.)

currently upload blobs, app engine's blob store service creates unique one- time url user can post blobs to. requirement want authenticated / authorized users post blobs in application. can achieve if page includes multipart form upload blobs in application.

however, looking providing "rest api" users upload blobs. while true one-time nature of upload url mitigates chances of rogue use it's still possible.

i wondering if there on app engine team here can consider feature developers can register upload listener. (or if there way, i'll ears). standard servlet filter potentially job. give opportunity authenticate / validate / decorate requests before request gets forwarded blob store service.

thanks, keyur

since, point out, it's possible upload blobs if have valid upload url, can issue valid upload urls authorized users. way unauthorized user upload url if authorized user gave them, or intercepted - , in either case, same caveat apply regular credentials.

in case, it's still possible check user's credentials after upload, @ point can delete blob if you're not satisfied. if possible regularly upload unauthorized blobs, lead denial of service vulnerability, due restrictions on handing out encoded urls mentioned above, apply if, example, user's access revoked after generated upload url them.


Comments

Post a Comment

Popular posts from this blog

javascript - Enclosure Memory Copies -

-
function myclass() { //lots , lots of vars , code here. this.bar = function() { //do numerous enclosed myclass vars } this.foo = function() { alert('hello'); //don't enclosed variables. } } each instance of myclass gets own copy of bar , foo, why prototyped methods use less memory. however, know more memory use of inner methods. it seems obvious me (1) below must true. agree? not distinct myclass instances have own distinct copies of bar, must have own distinct copies of myclass enclosure. (or else how bar method keep myclass variables straight on per instance basis?) now (2) question i'm after. since inner foo method doesn't use in myclass enclosure natural qustion is: javascript smart enough not keep myclass enclosure in memory use of foo? this depend entirely on implementation not language. naive implementations keep far more around others. answer true e.g. v8 (chrome's js engine) may not true spider...
Read more

php - Replacing tags in braces, even nested tags, with regex -

-
example preg_replace('/\{[a-za-z.,\(\)0-9]+\}/', 'replaced', 'lorem ipsum dolor sit {tag1({tag2()})}, consectetur adipiscing elit.'); the result: lorem ipsum dolor sit {tag1(replaced)}, consectetur adipiscing elit. question as can see "tag2" has been replaced, want replace "tag1" know how can this? (in cases might this: {tag1({tag2({tag3()})})}) , on.) btw using preg_replace_callback, easier show preg_replace here site can test code: http://www.spaweditor.com/scripts/regex/index.php you need add curly braces character set. here's pattern used: /\{[a-za-z.,\(\)\{\}0-9]+\}/ and here result: "lorem ipsum dolor sit replaced, consectetur adipiscing elit."
Read more