ODK Aggregate - Private data

Hi all,

I've set up an appspot instance of aggregate, got the forms onto the phone and linked it to fusion tables and everything works beautifully. The only problem I have is that I can log into the appspot instance with any valid google account and can view, download and delete the data. I'm sure I've missed something very simple but how do I restrict access to this so only I can log in and access the data?

Cheers, David

Yes, Aggregate 0.9.x allows that.

Aggregate 1.0 has full authentication, authorization and secure socket
(https) support (and support for MySQL and Postgresql databases, so you can
host your own data if you are concerned about having it up in the cloud).

We're very close to releasing 1.0.

Mitch

··· On Thu, May 12, 2011 at 5:17 AM, David Taylor wrote:

Hi all,

I've set up an appspot instance of aggregate, got the forms onto the phone
and linked it to fusion tables and everything works beautifully. The only
problem I have is that I can log into the appspot instance with any valid
google account and can view, download and delete the data. I'm sure I've
missed something very simple but how do I restrict access to this so only I
can log in and access the data?

Cheers, David

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer


University of Washington
mitchellsundt@gmail.com

If cloud-hosting isn't a concern, you can also set up a Google Apps account
and host your AppEngine app on that domain, restricting access to anyone
with access to your Apps domain.
http://code.google.com/appengine/articles/auth.html

The bummer is that you can't retroactively port an existing app engine
instance to an Apps domain... you have to set it up on your Apps domain from
the get-go.

Tanya

··· On Thu, May 12, 2011 at 10:57 AM, Mitch Sundt wrote:

Yes, Aggregate 0.9.x allows that.

Aggregate 1.0 has full authentication, authorization and secure socket
(https) support (and support for MySQL and Postgresql databases, so you can
host your own data if you are concerned about having it up in the cloud).

We're very close to releasing 1.0.

Mitch

On Thu, May 12, 2011 at 5:17 AM, David Taylor davidtaylor82@gmail.comwrote:

Hi all,

I've set up an appspot instance of aggregate, got the forms onto the phone
and linked it to fusion tables and everything works beautifully. The only
problem I have is that I can log into the appspot instance with any valid
google account and can view, download and delete the data. I'm sure I've
missed something very simple but how do I restrict access to this so only I
can log in and access the data?

Cheers, David

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer
http://www.OpenDataKit.org
University of Washington
mitchellsundt@gmail.com

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--



Tanya Keen
Program Manager
Google Earth Outreachhttps://sites.google.com/a/google.com/geo-citizenship-awards/
earth.google.com/outreach

Google Earth & Maps blog: http://google-latlong.blogspot.com
Follow @earthoutreach on Twitter: http://twitter.com/earthoutreach

If you are technology inclined you can follow the instructions to get a copy
of Aggregate source code and modify the code to restrict users. We tried to
make it easy by creating one function to handle the login. In
ServletUtilBase the is a function at approximately line 105 called
verifycredentials. You can add an if statement to check the user name is one
u specify. This is a quick coding solution to tide people over until 1.0 is
released.

··· On May 12, 2011 11:08 AM, "Tanya Keen" wrote: