I have a simple GAE system that contains models for Account, Project and Transaction.
I am using Django to generate a web page that has a list of Projects in a table that belong to a given Account and I want to create a link to each project’s details page. I am generating a link that converts the Project’s key to string and includes that in the link to make it easy to lookup the Project object. This gives a link that looks like this:
<a href="/project?key=agxkZAB-bnVpY2VrbXRyDDsSBkNvdXBvbhgBDA">My Project Name</a>
-
Is it secure to create links like this? Is there a better way? It feels like a bad way to keep context.
-
The key string shows up in the linked page and is ugly. Is there a way to avoid showing it?
Thanks.
After doing some more research, I think I can now answer my own question. I wanted to know if using GAE keys or ids was inherently unsafe.
It is, in fact, unsafe without some additional code, since a user could modify URLs in the returned webpage or visit URL that they build manually. This would potentially let an authenticated user edit another user’s data just by changing a key Id in a URL.
So for every resource that you allow access to, you need to ensure that the currently authenticated user has the right to be accessing it in the way they are attempting.
This involves writing extra queries for each operation, since it seems there is no built-in way to just say “Users only have access to objects that are owned by them”.