[英]Security problems for google app engine webservices
I've write a google web-services based on java to encrypt and decrypt messages, just wondering if I deploy this project to app engine, how can I make sure my java classes are safely at the server side? 我已经编写了一个基于Java的Google Web服务来加密和解密消息,只是想知道是否将此项目部署到应用程序引擎,如何确保我的Java类在服务器端安全? Because there are secret keys inside code.
因为代码内有秘密密钥。
Do I need add some identification steps before can use the web-services? 使用网络服务之前,我需要添加一些识别步骤吗?
It's as secure as any other hosted service - trusted people (Google admins) have access to servers and your compiled code. 它与任何其他托管服务一样安全-受信任的人(Google管理员)可以访问服务器和您的编译代码。 If you are not OK with that, you should run your own servers.
如果您对此不满意,则应运行自己的服务器。
You may want to disable code download , in case your google account gets compromised. 如果您的Google帐户遭到入侵,则可能要禁用代码下载 。
Also, access to your Google account is an attack vector to get to AppEngine admin access, so make sure anybody with developer access to your GAE app has two-step authentication enabled . 另外,访问您的Google帐户是进入AppEngine管理员访问权限的攻击手段,因此请确保对开发人员具有访问您GAE应用程序权限的任何人都启用了两步身份验证 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.