Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Google App Engine licenced to run web applications in the Google cloud

Security is always a predominant concern for any Internet or Intranet hosted application.  Corporate developers should carefully research how information, web applications, and users would be protected in this environment.  While security controls are built into the new facility, Google is one of the attacked sites on the Internet due to it's popularity.  

Below are some recent security concerns:   

1. Google needs to continue improving privacy protection:

http://arstechnica.com/news.ars/post/20070611-google-named-worst-privacy-offender-in-study.html

2. Sunbelt continues to note recent issues, as Google is one of the most popular sites on the Internet and it is subject to constant attacks:

http://sunbeltblog.blogspot.com/2008/04/google-groups-continues-to-be-inundated.html

3. Google poisoning attacks have taken place, where the cloud has been seeded with malicious web links.  Google has quickly cleaned these up in the past.

http://redtape.msnbc.com/2007/12/virus-experts-w.html


-----------------------------------------

Google’s App Engine lets you run your apps in the Google cloud
http://blogs.techrepublic.com.com/hiner/?p=654

QUOTE: Google on Tuesday launched its App Engine, which allows developers to run their Web applications on the search giant’s computing cloud. With Google App Engine, developers can write web applications based on the same building blocks that Google uses, like GFS and Bigtable. Google App Engine packages those building blocks and provides access to scalable infrastructure that we hope will make it easier for developers to scale their applications automatically as they grow. This means they can spend less time dealing with system administration and maintenance, and more time building and improving their applications.

Google App Engine - Home Page
http://code.google.com/appengine/

Google App Engine - New Blog
http://googleappengine.blogspot.com/2008/04/introducing-google-app-engine-our-new.htm

Google App Engine - Details including Security controls
http://code.google.com/appengine/docs/whatisgoogleappengine.html

QUOTE: SANDBOX SECURITY CONTROLS -- Applications run in a secure environment that provides limited access to the underlying operating system. These limitations allow App Engine to distribute web requests for the application across multiple servers, and start and stop servers to meet traffic demands. The sandbox isolates your application in its own secure, reliable environment that is independent of the hardware, operating system and physical location of the web server. Examples of the limitations of the secure sandbox environment include:

* An application can only access other computers on the Internet through the provided URL fetch and email services and APIs. Other computers can only connect to the application by making HTTP (or HTTPS) requests on the standard ports.

* An application cannot write to the file system. An app can read files, but only files uploaded with the application code. The app must use the App Engine datastore for all data that persists between requests.

* Application code only runs in response to a web request, and must return response data within a few seconds. A request handler cannot spawn a sub-process or execute code after the response has been sent.

Comments

Microsoft news and tips » Google App Engine licenced to run web applications in the Google cloud said:

Pingback from  Microsoft news and tips » Google App Engine licenced to run web applications in the Google cloud

# April 13, 2008 1:18 AM