GAE - 如何创建仅由应用程序使用的私有URL?
[英]GAE - how to create a private url that is only used by the application?
问题描述
Using GAE with Python for this project. 
将GAE与Python一起用于此项目。
I am creating a page with a chart of statistics that updates(refreshes) itself (every 10 sec) using AJAX. 我正在创建一个页面,其中包含使用AJAX更新(刷新)自身(每10秒)的统计信息图表。 It is my first time using AJAX. 这是我第一次使用AJAX。 What I am thinking is, that I should create a private page that will give the needed information for the statistics chart. 我在想的是,我应该创建一个私有页面,为统计图表提供所需的信息。 Then I simply get the info using AJAX. 然后我只是使用AJAX获取信息。
Is that the way to go about it? 那是怎么回事呢? If so how do I make a private page in GAE, I don't want users to be able to go to that page.. Thanks 如果是这样,我如何在GAE中创建一个私人页面,我不希望用户能够访问该页面..谢谢
What are the security concerns for a production quality application? 生产质量应用的安全问题是什么?
2 个解决方案
解决方案1
2 2012-04-16 07:29:29
AJAX is simply Javascript sending HTTP requests. AJAX只是Javascript发送HTTP请求。 From a server point of view, there is no way to differentiate between user requests and Javascript requests. 从服务器的角度来看,无法区分用户请求和Javascript请求。 So there is no such thing as "private page". 所以没有“私人页面”这样的东西。
解决方案2
1 已采纳 2012-04-16 08:29:59
You can simply require a login for your private page and your AJAX handler and set the login level to admin . 您只需要登录您的私人页面和AJAX处理程序,并将登录级别设置为admin 。 You may require a login for one or more Urls. 您可能需要登录一个或多个网址。
Edit 编辑
Set login: required , which will require users to login via their Google Accounts, but still all users with Google Accounts will be able to access it. 设置login: required ,这将要求用户通过他们的Google帐户登录,但仍然所有拥有Google帐户的用户都可以访问它。 Then in the AJAX handler check if the user is one of the users that you have given access to: https://developers.google.com/appengine/docs/python/users/ 然后在AJAX处理程序中检查用户是否是您授予访问权限的用户之一: https : //developers.google.com/appengine/docs/python/users/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.