GAE challenge, are URLs safe in design?

Question

GAE challenge, are URLs safe in design?

I am trying to wrap my head around the Google App Engine and, more specifically, in Tasks.

My security question is if I define a queue like:

- url: /queues/long-task script: urlhandlers.QueueLongTask.app login: admin

I'm sure that / queues / long -task can only be accessed using the admin and task system? I could not find a link about this in the Google documentation.

Thank you in advance

0

google-app-engine task

Cyril N. Apr 6 '16 at 13:15

source share

1 answer

Zebs · Accepted Answer · 2016-04-06T14:17:56+0000

You are correct, the login: admin will take care of this.

Here you can find additional documentation information: https://cloud.google.com/appengine/docs/python/taskqueue/overview-push#Python_Securing_URLs_for_tasks

You can also use headers such as X-AppEngine-QueueName if you want to do certain things only when it is called from a task:

"These headers are set inside the Google App Engine. If your request handler finds any of these headers, it can trust that the request is a task queue request. If any of the above headers are present in your application’s external user request, they are deprived."

GAE challenge, are URLs safe in design?

More articles: