stackoom
  简体   繁体   中英

is my google app engine deployed source code secure?

 原文  2010-01-03 06:34:59       python/ security/ google-app-engine/ passwords/ credentials

Question

I'm thinking about good ways to store third party credentials , which basically means there needs to be a secret somewhere, either in code or data. I'm deploying on google app engine.

If the 'secret' was something like 

pw_passphrase = sha2(username + 'global-password')
pw_plaintext = aes_decrypt(pw_passphrase, pw_ciphertext)

can I depend on this code never being seen by a non appengine administrator?

...what if the credentials protect something supersensitive like personal financial data, do we still trust it?

(The sha2 bit is exchangable with any other secret pseudo-random function .)

2 answers

solution1
 3 ACCPTED  2010-01-03 06:36:57

是的:您的源代码安全的(如Google所能保证的那样安全),并且未经授权的第三方无法窥视。

solution2
 2  2010-01-03 21:33:50

还记得使用错误页面处理代码中的异常,否则抛出的异常可能会将源代码发现给未签名的用户。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can one source code be deployed to Openshift, Heroku and Google App Engine at once? How to ensure my app deployed on google app engine is event driven? Protect source code / IP on Google App Engine Downloading Source Code from Google App Engine Code working on localhost, but not working when deployed using Google App Engine google app engine how to include directories to be deployed to worker code Memory leak in my Google App Engine code How to download app deployed to Google App Engine Error while downloading the source code from google app engine Google App Engine - Importing my own source modules (multiple files)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM