Does anyone knows if there is a tool out there to perform automated security checks for a Google App Engine application ?
There are docs out there on how to setup security for a GWT application running on Google App Engine but I was wondering if there is an automated tool I could use to check security holes
Thanks,
Hugues
Related
On GCP, I run Cloud Build from one project and deploy code to App Engine in another project. It looks like the project where build runs from needs to have App Engine Admin API enabled. Is it a real request or I missed the real configurations?
App Engine Admin API is required as it is used for any App Engine-related management operations
Also, based on the link above:
The Admin API provides you with:
An integration point for your development and build tools.
Tighter control around deploying new versions, including the ability to automate traffic
migration between two versions or traffic splitting across one or more versions.
The ability to programmatically manage applications across multiple Google Cloud projects.
So yes, if you plan on deploying code to App Engine using Cloud Build, you need GAE Admin API enabled.
I was able to create the basic 'hello world' program.
When I tried to understand the difference between a cloud and a server I learned that Cloud is where you have an access to virtual instance created exclusively for you and you are free to choose and install software of your choice.Why Google App Engine(GAE) is used widely where as tomcat is not used. What are major differences between GAE and Tomcat?
Cloud is Google Cloud Platform at this case. App Engine is just one of their services.
App Engine is a platform to build your apps on top of it. A Platform As A Service or PaaS. It simplifies the process of building a scalable application, and you should use it when you understand what you really need and understand principles of scalable application.
Tomcat is a Java web container, and there're many alternatives. Google App Engine is using Jetty. You could actually use it with Tomcat by using Flexible VM, though it doesn't make much sense.
App Engine is not about web server, it's a set of services that helps you to build a scalable app. It includes Memcache, Datastore, Task Queue, Images API, deployments tools and versioning, CDN for static files, and most important automatic scale.
Actually you aren't limited to App Engine on Google Cloud Platform. There is more traditional service, like own server in the cloud, called Compute Engine. There you can run your Tomcat or anything else.
We have a Java web application developed locally without using any GAE components / AWS components (GAE/AWS SDK etc.,).
We used the following technologies: Java, Spring framework, MySQL Database, Hibernate ORM, Jersy REST library, Tomcat web server.
Our application is up & running fine on our local server.
Now my question is
If I deploy the existing WAR to Google App Engine/ Amazon AWS will it start working right away OR Do I have to make extra changes to my code and deploy new WAR file in order to make it working on Google App Engine / Amazon AWS?
If I want to start a new java web project(using same configuration I mentioned above) that will eventually run on Google App Engine / Amazon AWS, What is the best strategy:
Should I start my development using Google App Engine / Amazon AWS from the beginning ? or just deploy when everything is done?
EDIT : I just wanted to know about GAE and/or AWS in general.
It looks like Google Computer Engine is more suited if you rely on a relational database. Google app engine uses a NoSQL datastore that is not compatible with your relational scheme.
I'm trying to read a sqlite db from the server side code in my gwt project. It throws AccessControlException. I looked a lot on the web and all solutions seems to be disabling Google App Engine, but when I do this, I can't run my project. I'm new to GWT and I have no idea where it runs when Google App Engine is shut down. I look for possibly this two solutions: Any setting that Google App Engine is set to be able to read any file, or other engine that I run my application on. Thanks
The problem is that Google App Engine (GAE) does not support sqlite (I assume you are reading it using JDBC).
If your intention is to make a GWT project that will not be deployed on GAE, you should create the project disabling this feature from the very beginning, because afterwards its a nightmare as you are experiencing right now.
If your intention is to deploy in GAE, you must use the google's persistence mechanisms (JDO) to store your data. SqlLite is off the table here.
I recently succeded in uploading a Roo/GWT project on Google App Engine.
But, how can I secure it from the Google App Engine application dashboard?
Is there a way to tell to GAE to put a Google Login Box at the start and set a list of authorized accounts?
Thank you very much,
Regards.
Just answered ~same q. here Adding an authentification system in a deployed Roo/Gwt project
This is in progress to be implemented for GWT 2.1/Roo 1.1.0. See this for more details https://jira.springsource.org/browse/ROO-1003
If you can't wait, check the Spring Security in Google App Engine article, at http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ That approach is not supported by Roo though (so once you change the generated code, it will be harder, but still possible, to continue using Roo)