What security issues need to be addressed when working with the Google App Engine?

I am considering using the Google App Engine for several hobby projects. Although they will not process any confidential data, I would still like to make them relatively secure for a number of reasons, for example, to learn about security, legality, etc.

What security issues need to be addressed when working with the Google App Engine?

Are the same problems encountered by other applications, such as applications written in other languages or hosted in other ways?

Edit: I did a few searches, it seems I need to sanitize the input for XSS and Injection. What else needs to be considered?

+6
2 answers

Sanitizing input is not the way to avoid query and markup injection problems. Use the right form of escaping at the output stage... or, even better, use a higher-level tool that does this for you.

So, to prevent GQL query injection, use the GqlQuery parameter binding interface. To prevent markup injection against HTML (resulting in XSS), use the HTML escaping function of any template language that you use. For example, for Django templates, |escape ... or, better, {% autoescape on %} so you don't accidentally miss it.

+6
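Added example, not code from the answer or from App Engine's SDK: a small Python renderer that mimics the two Django template behaviours the answer recommends, the per-variable |escape filter and {% autoescape on %}, run over a constructed guestbook entry. The template syntax, the SafeString marker and the sample entry are assumptions for illustration.

```python
import html
import re

# Constructed example, not code from the answer or from App Engine's SDK.
# Placeholders look like {{ name }} or {{ name|escape }}; the regex below
# captures the variable name and its chain of filters.
VAR = re.compile(r"\{\{\s*(\w+)((?:\|\w+)*)\s*\}\}")


class SafeString(str):
    """Markup the developer has vouched for; it is rendered unescaped."""


def render(template, context, autoescape=True):
    """Render a template, escaping values the way Django's |escape filter
    and {% autoescape on %} do: each value is escaped at most once."""
    def substitute(match):
        value = context[match.group(1)]
        filters = [f for f in match.group(2).split("|") if f]
        escaped = isinstance(value, SafeString)  # trusted markup skips escaping
        text = str(value)
        for name in filters:
            if name == "escape":
                if not escaped:
                    text, escaped = html.escape(text, quote=True), True
            elif name == "safe":
                escaped = True
            else:
                raise ValueError("unknown filter: " + name)
        if autoescape and not escaped:
            text = html.escape(text, quote=True)  # the default the answer recommends
        return text
    return VAR.sub(substitute, template)


# The template author remembered |escape on one variable but not on the other.
GUESTBOOK = "<li><b>{{ author|escape }}</b>: {{ message }}</li>"

# Constructed datastore row; both fields hold raw user input stored unchanged.
ENTRY = {"author": "Ann <ann@example.com>", "message": "<i>hello</i> & goodbye"}


def render_manual_escaping():
    """Autoescape off: the forgotten filter lets the message's markup through."""
    return render(GUESTBOOK, ENTRY, autoescape=False)


def render_autoescaped():
    """Autoescape on: every value is escaped unless explicitly marked safe."""
    return render(GUESTBOOK, ENTRY, autoescape=True)
```

The stored entry is identical in both runs; only the output stage differs, which is the answer's point about escaping at output rather than sanitizing at input.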

In general, there are the same problems. In addition, Google “knows” your code and can theoretically control everything that the code does. Therefore, it is very difficult if you want them to not read your data. But I do not believe that they have the time and resources to monitor your code and related data.

-2
