I have an app that services inbound mail and I have deployed a new development version to Google App Engine. The default is currently set to the previous version.
Is there a way to specify that inbound mail should be delivered to a particular version?
This is well documented using URLs but I can't find any reference to version support in the inbound mail service...
No, this isn't currently supported. You could write some code for your default version that routes mail to other versions via URLFetch, though.
There is an easier way to do this than writing code that routes between different versions using URLFetch.
If you have a large body of code that is email oriented and you need to have a development version,
simply use one of your ten applications as the development application (version).
This allows you to do things like have test-specific entities in the development application Datastore and you can
test as much as you want running on appengine live.
The only constraints are:
because the application has a different name, for email sending from the application, you either need to send from your gmail account or have a
configuration that switches the application name
sending test email to the application will have a slightly different email address (not a big issue I think)
keep an app.yaml with a different application name
you burn another one of your ten possible apps
Most RCS will allow you to have the same project checked out into different directories. Once you are ready for launch
(all development code is committed and testing done), update the 'production' directory (except for app.yaml) and then deploy.
Related
I'd like to build a GUI for a few Python functions I've written that pull data from MS SQL Server. My boss wants me to share the magic of Python & SQL with the rest of the team, without them having to learn any coding.
I've decided to go down the route of using Flask to create a webapp and creating an executable file using pyinstaller. I'd like it to work similarly to Jupyter Notebook, where you click on the file and it opens the notebook in your browser.
I was able to hack together some code to get a working prototype of the GUI. The issue is I don't know how to deploy it. I need the GUI/Webapp to only run on the local computer for the user I sent the file to, and I don't want it accessible via the internet (because of proprietary company data, security issues, etc).
The only documentation I've been able to find for deploying Flask is going the routine route of a web server.
So the question is, can anyone provide any guidance on how to deploy my GUI WebApp so that it's only available to the user who has the file, and not on the world wide web?
Thank you!
So, a few assumptions-- since you're a business and you're rocking a SQLServer-- you likely have Active Directory, and the computers that you care to access this app are all hooked into that domain (so, in reality, you, or your system admin does have full control over those computers).
Also, the primary function of the app is to access a SQLServer to populate itself with data before doing something with that data. If you're deploying that app, I'm guessing you're probably also including the SQLServer login details along with it.
With that in mind, I would just serve the Flask app on the network on it's own machine (maybe even the SQLServer machine if you have the choice), and then either implement security within the app that feeds off AD to authenticate, or just have a simple user/pass authentication you can distribute to users. By default random computers online aren't going to be able to access that app unless you've set your firewalls to deliberately route WAN traffic to it.
That way, you control the Flask server-- updates only have to occur at one point, making development easier, and users simply have to open up a link in an email you send, or a shortcut you leave on their desktop.
Unfortunately, you do not have control over a give users computer.
You are using flask, so your application is a web application which will be exposing your data to some port. I believe the default flask port is 5000.
Regardless, if your user opens the given port in their firewall, and this is also open on whatever router you are connected to, then your application will be publicly visible.
There is nothing that you can do from your python application code to prevent this.
Having said all of that, if you are running on 5000, it is highly unlikely your user will have this port publicly exposed. If you are running on port 80 or 8080, then the chances are higher that you might be exposing something.
A follow up question would be where is the database your web app is connecting to? Is it also on your users machine? If not, and your web app can connect to it regardless of whose machine you run it on, I would be more concerned about your DB being publicly exposed.
I'm getting my feet wet with GCP and GAE, also nodejs and python and networking (I know).
[+] What I have:
Basically I have some nodejs code that takes in some input and is supposed to then send that input to some python code that will do more stuff to it. My first idea was to deploy the nodejs code via GAE, then host the python code in a python server, then make post requests from the nodejs front-end to the python server backend.
[+] What I would like to be able to do:
just deploy both my nodejs code and my python code in the same project and instance of GAE so that the nodejs is the frontend that people see but so that the python server is also running in the same environment and can just communicate with the nodejs without sending anything online.
[+] What I have read
https://www.netguru.co/blog/use-node-js-backend
Google App Engine - Front and Backend Web Development
and countless other google searches for this type of setup but to no avail.
If anyone can point me in the right direction I would really appreciate it.
You can't have both python and nodejs running in the same instance, but they can run as separate services, each with their own instance(s) inside the same GAE app/project. See Service isolation and maybe Deploying different languages services to the same Application [Google App Engine]
Using post requests can work pretty well, but will likely take some effort to ensure no outside access.
Since you intend to use as frontend the nodejs service you're limited to using only the flexible environment for it, which limits the inter-service communication options - you can't use push queues (properly supported only in the standard environment) which IMHO would be a better/more secure solution than post requests.
Another secure communication option would be for the nodejs service to place the data into the datastore and have the python service pick it up from there - the datastore is shared by all instances/versions/services inside the same GAE app. Also more loosely coupled IMHO - each service can function (at least for a while) without the other being alive (not possible if using the post requests).
Maybe of interest: How to tell if a Google App Engine documentation page applies to the standard or the flexible environment
UPDATE:
Node.JS is currently available in the standard environment as well, so you can use those features, see:
Now, you can deploy your Node.js app to App Engine standard environment
Google App Engine Node.js Standard Environment Documentation
What is the difference between using Apple's sandbox servers or not with push notifications? For example:
apns = APNs(use_sandbox=True, cert_file='cert.pem', key_file='key.pem')
vs.
apns = APNs(use_sandbox=False, cert_file='cert.pem', key_file='key.pem')
Why would someone care if they are using Apple's sandbox servers or not? Is there an actual reason why it should be used or not?
You should use the sandbox while you are in staging and production server while you have deployed ad hoc or on AppStore.
The reason is to keep test environment distinct from production.
When you create an application you need to set different certificates and provisioning profile to sign the app. Basically one for debug and one for distribution. If you want to add push functionalities you must create 2 certificates to communicate with APNS. Push test certificates only works in sandbox with app signed with debug certificates, while Push production certificates only works with app signed using a distribution cert.
It's quite common to keep test environment distinct from production, sometimes I work with 3 environments: test, stage, production. One for pure testing, one for understand if everything works as expected before going to production.
Suppose that you already have an application on App Store that uses Push notification, now you'd like to publish a new version of the app that enhance or modify something in the payload of the notification. Wouldn't by nice if you could test that new payload in an eviroment different from the one in the App Store? so you can take your time to see if everything is working correctly and maybe check if the changes doesn't affect the old app.That is the purpose of sandbox.
Did I answer your question?
What are the common steps taken to secure a django app instance in production.
I am using sqlite so encrypting the database would be nice too.
And since the database is encrypted the app code should also be either encrypted or compiled only. Is it safe to simply delete all the *py files and leave the *pyc files?
Also, is it possible to disable the django shell (./manage.py shell) in the production server? Once the shell is accessible so is all the data.
The stack that I am using is: Nginx + Gunicorn + Django + SQLite all hosted on a rackspace dedicated server with a dedicated firewall.
Basically, the objective is, that anyone with root access may not access the database contents.
Securing django is an important question, but I think you are confused.
First of all even if you could make your code less easy to examine, it would not make it more secure. Secondly, it is possible to recover all but comments from pyc files.
Lastly, the django shell is a convenience for interacting with your application at the commandline. If anyone unauthorised were in a position to run it, it would not matter if you had disabled it - your security would already be completely compromised.
I strongly recommend that you do not administer your own production server with your current state of knowledge. Use a shared host, and follow your hosting service's security guidelines. Concentrate on the actual web security aspects of your application.
One more thing: you're not using the built-in server in production are you?
Update: You can't protect yourself from root, and even if you could, they could, say, just put the hard disk in another computer.
I am developing an application for managers that might be used in a large organisation. The app is improved and extended step by step on a frequent (irregular) basis. The app will have SQL connections to several databases and has a complex GUI.
What would you advise to deploy the app ?
Based on my current (limited) knowledge of apps in lager organisations I prefer a setup where the app runs on a server and the user uses a thin client via the web. I prefer not to use a webbrowser because of (possible)limitations of the user GUI. The user experience should be as if the app was running on his own laptop/pc/tablet(?)
What opensource solution would you advise ?
Thanks !
If possible, make the application run without any installation procedure, and provide it on a network share (e.g. with a fixed UNC path). You didn't specify the client operating system: if it's Windows, create an MSI that sets up something in the start menu that will still make the application launch from the network share.
With that approach, updates will be as simple as replacing the files on the file server - yet it will always run on the client.