Giuseppe: google app engine - GAE ndb security issue? -

Wednesday 15 January 2014

google app engine - GAE ndb security issue? -

I have two fake users who are with Sam and related ID 117138609372751079516 and 144229817858159123282.

The app has the following unit:

  class mccenti (NDB model): ownerId = ndb.StringProperty (default = users.get_current_user). User_id ())    When both are logged at the same time and either the user first saves the entity, property 'owner income' randomly  User ID with either : 117138609372751079516 or 144229817858159123282  
 Using a pre_put_hook problem is resolving:  
  def _pre_put_hook (auto): If not self.ownerId: self.ownerId = users.get_current_user () User_id ()    I have solved my immediate problem, but why is this happening in the first place? It has also been tested in development and production with a group of about 50 testers. 40% of them can see the institutions which were not theirs.  
  The problem is likely to be by default, the value of  owner ID  is only < Em> first  is being set, when every app engine is created for class runtime instance  MockEntity  so when a new app engine loads the example, then the default user in Python interpreter The class is set by the user to load first.  
 See this classic problem in Python and for clarification of the same condition in NDB.   

 




Posted by



Unknown




at

02:22











Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest

No comments: Post a Comment

Newer Post Older Post Home Subscribe to: Post Comments (Atom)

About Me Unknown View my complete profile Blog Archive ► 2015 (1886) ► September (203) ► August (208) ► July (224) ► June (210) ► May (230) ► April (195) ► March (209) ► February (201) ► January (206) ▼ 2014 (2117) ► September (239) ► August (251) ► July (226) ► June (208) ► May (229) ► April (199) ► March (255) ► February (275) ▼ January (235) Secularists and Separationists are Terrorists! Atheist vs. Agnostic - What's the Difference Betwe... Joseph Lagu -- Biography of Joseph Lagu This Day in African History: August 01 This Day in African History: August 15 Write a Review -- Best African History Related Fil... 1.#EANF# Description:#EANF# 2.#EANF# Descript... php - Setting a cookie before page is refreshed/cl... .net - C# configuring TCPClient client's port - jquery - HTML Javascript Calender - Add to stack from ArrayList (Java) - ios - Animate by alternating different UIImages - python - Slicing Data From a Dictionary - java - Can I use JPQL to query a MySQL database wh... django user authentication, shoulid admin be used ... javascript - JSON Serialization error with simplej... sql - Return a value when a different value changes - winforms - C# How to stop animated gif from contin... ruby on rails - Reindex Sunspot Solr in Capistrano - php - Get single array element in a function return - refactoring - How can I DRY out this Ruby Code - osx - where are MacPorts binary files? - java - How to use getWritableDatabase() in onCreat... How to bind to a base type and a protocol in Xamar... jquery - How do I get this simple sales tax calcul... google app engine - GAE ndb security issue? - php - html size to fit content of object - php - combine option field results to text field - html - Get array from checkbox and then make a str... Android: geolocation doesn't work anymore on some ... mysql - Sql error : Invalid use of group function? - ios - Switch between Master-Detail View and other ... java - Static block is never run - objective c - Iphone Contact list. Sort TableView ... Access search form - search a delimited string - c# - Why Doesn't the Code Deadlock - regex - PHP Matching URLs and using preg_replace_c... javascript - Simple backbone.js issue - java - How to use if statement and search for last... php - CodeIgniter CLI - passing multiple args to m... git - How can I merge finished work patch instead ... c - "expected ')' before numeric constant" when ca... c++ - Hash function for vector - javascript - How to bring a dropdown (Chosen) with... How to add values on Javascript? - android - Multiple Color bars for single series an... fullcalendar - fullcalender: Get the selected time... android - Monkey says no activities found - xaml - Wpf datagrid doesn't show current cell sele... mouseevent - How to map Microsoft Visual Studio 20... java - Android facebook auto status update - sql - calculate percentage of aggregated column - sitecore6 - Sitecore Advanced Database Crawler ind... c++ - Meaning of a numerical ErrorMessage - php - How file structure comes in Laravel when dev... javascript - IFrame src video change issue - Exiting a while loop at EOF using scanf in C - javascript - jQuery Random Particles Overlay on El... javascript regex replace all doublequotes in strin... Subprocess call with arguments as variables python - java - Is it possible to obtain multiple elements ... events - Is there a way in python to trigger an ac... Fizz Buzz script using while loop stuck in infinit... rdf - GEOSparql : Make geospaql queries to multipl... translate - How to check if point is in polygon in... How would I make Apache case insensitive using .ht... css - Divs not showing when uploaded to server - Windows Authentication for ASP.NET MVC 4 - how it ... iphone - How to remove UITableViewCell border usin... c# - Datatable to array and then to a Textbox - php - Symfony 1.4 don't load sfFormExtraPlugin on ... regex - How to split a string at 2 or more consecu... authentication - CakePHP - Set up Auth model to on... android - Rounding Only ONE Image Corner - not all... html - overlay resize with CSS - parsing - Parse PHP source codes and extract some ... Batch Adding 1 to a number untill Modulo divide 4 - css - Why Won't, and How, Will my UL get centered ... python - decorate a Python3 function to ignore *ar... ios7 - How do I give my friend who I want to beta ... module - Does anyone know how to access the creati... Use PHP to copy partial MySQL column data to anoth... ruby on rails - Nested Attribute one-to-one differ... php - mysqli bind_param for array of strings - scripting - Trying to change a php script from blo... How does Rails implement the "date magic" mechanis... validation - how to can I use element name includi... .net - Does C# have any built in parsing for confi... Tapestry: How to pass an Object using t:context - javascript - Keydown event not removed from docume... php - how to add additional select columns in symf... html - Content extends beyond 100% of screen div - jquery - Preloader Gif-Image Stucks in Mobile Appl... d3.js symbol instead of circle - javascript - How can I keep Html element hide() wi... string - How can I make sure I convert to a single... java - When to use "final" keyword before a class? - database - error in SQL syntax for LEFT JOIN state... c# - Cannot deserialize Json object to dictionary - ruby on rails - Creating a nested model for "new" ... ► 2013 (2011) ► September (199) ► August (228) ► July (210) ► June (222) ► May (217) ► April (229) ► March (243) ► February (221) ► January (242) ► 2012 (1993) ► September (227) ► August (235) ► July (225) ► June (206) ► May (221) ► April (216) ► March (206) ► February (227) ► January (230) ► 2011 (1964) ► September (220) ► August (222) ► July (219) ► June (224) ► May (219) ► April (206) ► March (216) ► February (221) ► January (217) ► 2010 (1952) ► September (230) ► August (202) ► July (221) ► June (207) ► May (213) ► April (199) ► March (234) ► February (244) ► January (202)

Powered by Blogger.