Can the GAE Servlet code be accessest by anyone
I just when trough this tutorial about Using Firebase and App Engine Standard Environment in an Android App It was grate but I wonder now can anyone upload and replace my servlet code. Like do I need to set up some firewall somewhere. I read the docs about Using Networks and Firewalls but I cannot see any hands-on how to apply this, it´s really advanced and if someone could break it down, what I need to do to only allow me to access the code. I´m a bit new to this but when working with this tutorial Build an Android App Using Firebase and the App Engine Flexible Environment I got this email from CloudPlatform-noreply saying I must maintain a Firewalls : Dear Developer, We noticed that your Google Cloud Project has open project firewalls. This could make your instance vulnerable to compromises since anyone on the internet can access and establish a connection to the instance. The following project has open firewalls: Playchat (ID: playchat-4cc1d) Google Cloud Platform provides the flexibility for you to configure your project to your specific needs. We recommend updating your settings to only allow access to the ports that your project requires. You can review your project's settings by inspecting the output of gcloud compute firewall-rules or by visiting the firewall settings page on the GCP Console. Learn more about using firewalls and secure connections to VM instances. What do I need to be afraid of here - what does "since anyone on the internet can access and establish a connection to the instance." really mean? I want my Firebase signed in users to be able to access only
Source code deployment The only people that can deploy source code to your app are ones that you've given access to in the IAM permissions pages in the Cloud Platform Console. People there need Owner or have the specific role of "App Engine Admin" or "App Engine Deployer". Connecting to your instances If you are using the App Engine standard environment there are no virtual machine instances. The standard environment is purely a platform as a service, not your typical hosting environment with servers. If you are using the App Engine flexible environment, your code does run on virtual machine instances. However, those instances by default are locked down. You can enable SSH for debugging purposes. These connections however use the tokens via your authorized gcloud installation to connect. All this is just to say, that by default your instances are locked down and even in the debug mode they are still pretty secure. Overall, your code is secure by default. Protecting your resources is actually probably more about protecting your Gmail account and thus its connected resources like your Cloud Platform projects. Protect your account with two-factor authentication, don't give people more access to your project than they require, and lastly don't enable debugging unless you need it and even then close it down when you're done.
NullPointerException with JDBC and App Engine
How do I create push queue tasks for multiple queues
GAE Custom domain mapping failure after adding SSL Wildcard certificate
Is it possible for Google App Engine string and integer datastore keys to clash? [duplicate]
How do I query in Google Datastore Viewer where table or column name has slash in it?
App Engine Google Console Dashboard
Jinja2 install issue
Firebase access within GAE
GAE: multiple modules vs. multiple applications
Builds at commandline but fails to build as gae app
Handle schema change in Google datastore with Go?
Wipe clean all data from GAE datastore
Android Studio deletes appengine-generated folder
BadValueError: Entity has uninitialized properties ___ after resetting indexes and clearing memcache
Can App Engine Flexible Environment connect to a persistent disk?
AppEngine Remote API NoClassDefFoundError Base64