Google App Engine - Security

Prevent the bad guys from breaking (into) your app

Constrain OS functionality
- no processes
- no dynamic library loading
- no sockets (use urlfetch API)
- can't write files (use datastore)

Limit resource usage
- Limit of 1000 files per app, each at most 1MB
- Hard time limit of 10 seconds per request
- Most requests must use less than 300 msec CPU time
- Hard limit of 1MB on request/response size, API call size, etc.
- Quota system for number of requests, API calls, emails sent, etc.
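The resource limits above are enforced by the platform, not by the application. As an added illustration (not App Engine's own code), the following Python WSGI middleware applies the same three kinds of limit around an ordinary handler: a hard size limit on the request and the response, a per-request deadline with a softer CPU budget, and a request quota. The 1MB, 10 second and 300 msec figures are the slide's; the request quota of 1000 and the sample handler are constructed for this example, and a real platform kills an overrunning handler rather than measuring it afterwards as this wrapper does.

```python
import time
from collections import Counter

# Limits as listed on the slide; the per-app request quota is a constructed
# figure for this example (the real quota system is configured per app).
MAX_REQUEST_BYTES = 1024 * 1024      # hard limit on request and response size
MAX_REQUEST_SECONDS = 10.0           # hard wall-clock deadline per request
CPU_SOFT_LIMIT_SECONDS = 0.300       # "most requests must use less than 300 msec CPU"
REQUEST_QUOTA = 1000                 # constructed per-app request quota


class RequestGuard:
    """WSGI middleware that applies size, time and quota limits around an app.

    A real platform kills a handler that overruns its deadline; an in-process
    wrapper can only measure the time once the handler returns, so here a late
    response is turned into a 500 and CPU-hungry requests are counted per path.
    """

    def __init__(self, app, max_bytes=MAX_REQUEST_BYTES,
                 max_seconds=MAX_REQUEST_SECONDS,
                 cpu_soft_limit=CPU_SOFT_LIMIT_SECONDS, quota=REQUEST_QUOTA):
        self.app = app
        self.max_bytes = max_bytes
        self.max_seconds = max_seconds
        self.cpu_soft_limit = cpu_soft_limit
        self.quota = quota
        self.requests_served = 0
        self.high_cpu = Counter()  # path -> requests at or over the CPU soft limit

    def handle(self, environ):
        """Run one request through the limits; returns (status, headers, body)."""
        text = [("Content-Type", "text/plain")]
        path = environ.get("PATH_INFO", "/")

        # Quota: once the budget is spent, no handler code runs at all.
        if self.requests_served >= self.quota:
            return "429 Too Many Requests", text, b"quota exceeded\n"
        self.requests_served += 1

        # Request size: refuse oversized bodies before the handler sees them.
        if int(environ.get("CONTENT_LENGTH") or 0) > self.max_bytes:
            return "413 Payload Too Large", text, b"request too large\n"

        captured = {}

        def start_response(status, headers, exc_info=None):
            captured["status"], captured["headers"] = status, list(headers)

        wall_start, cpu_start = time.monotonic(), time.process_time()
        body = b"".join(self.app(environ, start_response))
        wall = time.monotonic() - wall_start
        cpu = time.process_time() - cpu_start

        if cpu >= self.cpu_soft_limit:
            self.high_cpu[path] += 1
        if wall > self.max_seconds:
            return "500 Internal Server Error", text, b"deadline exceeded\n"
        # Response size: the same hard limit applies on the way out.
        if len(body) > self.max_bytes:
            return "500 Internal Server Error", text, b"response too large\n"
        return captured["status"], captured["headers"], body

    def __call__(self, environ, start_response):
        status, headers, body = self.handle(environ)
        start_response(status, headers)
        return [body]


def hello_app(environ, start_response):
    """Constructed sample handler used to exercise the guard."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello from " + environ.get("PATH_INFO", "/").encode()]


if __name__ == "__main__":
    guard = RequestGuard(hello_app, max_bytes=32, quota=2)
    for env in ({"PATH_INFO": "/a", "CONTENT_LENGTH": "5"},
                {"PATH_INFO": "/b", "CONTENT_LENGTH": "64"},
                {"PATH_INFO": "/c"}):
        print(env["PATH_INFO"], guard.handle(env)[0])
```

Wrapping an app is `application = RequestGuard(my_wsgi_app)`; the request-size check runs before any handler code, which is the property that makes such a limit useful against oversized uploads, while the `high_cpu` counter is the kind of signal a quota system would use to flag handlers that regularly exceed their CPU budget.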
Applications run in a restricted "sandbox" environment with limited access to the OS. These limitations are what enable scalability (see above).

GAE Applications can:
• execute code, store and query data in the App Engine datastore
• use the GAE mail, URL fetch and users services, and many others
• examine the user's web request and prepare the response.

GAE Applications cannot:
• Write to the file system. An app can read from the file system, but must use the datastore instead of writing.
• Open a socket or access another host directly. Use the URL fetch service instead.
• Spawn a sub-process or thread. A web request to an application must be handled in a single process within a few seconds.
• Make other kinds of system calls.
• See or otherwise know about other applications or processes that may be running on the server. This includes other request handlers from the same application that may be running simultaneously.
Java and GAE security

Restrictions enforced in the JVM
- For instance, the java.lang.Thread class can be imported successfully, but can only be used to examine the current thread. It cannot be used to create new threads.