Interesting question. I like the two app approach. That said, one hypothetical way you might achieve it with one app is to restrict how the secondary developers run appcfg.py. They can only run a special version which sticks something like the following onto the front of their files:
import sys sys.path = ['/my_special_override_dir'] + sys.path Then put empty files into the locations that will upload to: <approot>/my_special_override_dir/google/appengine/ext/blobstore.py <approot>/my_special_override_dir/google/appengine/ext/db.py Of course they could just look at the sys.path and remove the override files. Maybe there's a way to hide or spoof sys.path, but this is a pretty yucky hack already. Did I mention I like the two app solution ;-) John On Sep 24, 10:47 am, rvjcallanan <[email protected]> wrote: > Ok I get it: "A lock is only to keep an honest man out!". Bump! > > On Sep 24, 2:37 pm, rvjcallanan <[email protected]> wrote: > > > > > A little early perhaps...bump! > > > On Sep 24, 10:50 am, rvjcallanan <[email protected]> wrote: > > > > Hi all, > > > > I have a requirement to place a thin "security" layer between the > > > Datastore and my App proper. I need to be able to lock down this layer > > > and prevent other coders from bypassing it and performing raw > > > Datastore operations directly. > > > > I am thinking about a dual App approach where one App is a wrapper for > > > its own datastore and the other App implements the main functionality > > > (persisting to the Datastore of the first App via a simple API). This > > > is obviously not ideal for a number of reasons which I won't go into. > > > > My question: Is there any way of achieving the same level of > > > modularisation within a single App? Python seems weak in that > > > respect. I am not familiar with the Java implementation of the GAE. > > > Does it fare any better? Are there any non-language mechanisms > > > available to help here? > > > > Note: I don't want to get into a separate debate about trust and > > > security. > > > > TIA -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
