google-app-engine


Can the GAE Servlet code be accessed by anyone?


I just went through this tutorial about Using Firebase and App Engine Standard Environment in an Android App.
It was great but I wonder now can anyone upload and replace my servlet code. Like do I need to set up some firewall somewhere. I read the docs about Using Networks and Firewalls but I cannot see any hands-on how to apply this, it's really advanced and if someone could break it down, what I need to do to only allow me to access the code.
I'm a bit new to this but when working with this tutorial, Build an Android App Using Firebase and the App Engine Flexible Environment, I got this email from CloudPlatform-noreply saying I must maintain firewalls:
Dear Developer, We noticed that your Google Cloud Project has open
project firewalls. This could make your instance vulnerable to
compromises since anyone on the internet can access and establish a
connection to the instance. The following project has open firewalls:
Playchat (ID: playchat-4cc1d) Google Cloud Platform provides the
flexibility for you to configure your project to your specific needs.
We recommend updating your settings to only allow access to the ports
that your project requires. You can review your project's settings by
inspecting the output of gcloud compute firewall-rules or by visiting
the firewall settings page on the GCP Console. Learn more about using
firewalls and secure connections to VM instances.
What do I need to be afraid of here - what does "since anyone on the internet can access and establish a connection to the instance." really mean?
I want my Firebase signed in users to be able to access only
Source code deployment
The only people that can deploy source code to your app are ones that you've given access to in the IAM permissions pages in the Cloud Platform Console. People there need to be an Owner or have the specific role of "App Engine Admin" or "App Engine Deployer".
Connecting to your instances
If you are using the App Engine standard environment there are no virtual machine instances. The standard environment is purely a platform as a service, not your typical hosting environment with servers.
If you are using the App Engine flexible environment, your code does run on virtual machine instances. However, those instances are locked down by default. You can enable SSH for debugging purposes. These connections, however, use the tokens via your authorized gcloud installation to connect. All this is just to say that by default your instances are locked down, and even in debug mode they are still pretty secure.
Overall, your code is secure by default. Protecting your resources is actually probably more about protecting your Gmail account and thus its connected resources like your Cloud Platform projects. Protect your account with two-factor authentication, don't give people more access to your project than they require, and lastly don't enable debugging unless you need it and even then close it down when you're done.
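A way to check both points raised above, as an added example that is not part of the original question or answer: it lists which members hold the roles the answer names, and which enabled ingress firewall rules accept traffic from any address. It assumes the input is the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud compute firewall-rules list --format=json`; the sample data, member names and function names are constructed for illustration.

```python
import json

# Roles the answer names as able to deploy code to an App Engine app.
DEPLOY_ROLES = {
    "roles/owner": "Owner",
    "roles/appengine.appAdmin": "App Engine Admin",
    "roles/appengine.deployer": "App Engine Deployer",
}

def who_can_deploy(policy):
    """Map each member to the deploy-capable roles it holds."""
    result = {}
    for binding in policy.get("bindings", []):
        label = DEPLOY_ROLES.get(binding.get("role"))
        if label:
            for member in binding.get("members", []):
                result.setdefault(member, []).append(label)
    return result

def open_ingress_rules(rules):
    """Return (name, ["proto:ports"]) for enabled ingress rules open to any source."""
    findings = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if "0.0.0.0/0" not in rule.get("sourceRanges", []):
            continue
        ports = [
            f'{a["IPProtocol"]}:{",".join(a.get("ports", ["all"]))}'
            for a in rule.get("allowed", [])
        ]
        if ports:
            findings.append((rule["name"], ports))
    return findings

# Constructed sample data (assumed shapes of the two gcloud JSON outputs).
SAMPLE_POLICY = json.loads("""{"bindings": [
  {"role": "roles/owner", "members": ["user:me@example.com"]},
  {"role": "roles/appengine.deployer", "members": ["serviceAccount:ci@example.invalid"]},
  {"role": "roles/viewer", "members": ["user:friend@example.com"]}]}""")
SAMPLE_RULES = json.loads("""[
  {"name": "default-allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "default-allow-internal", "direction": "INGRESS", "sourceRanges": ["10.128.0.0/9"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]}]},
  {"name": "allow-all-test", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "disabled": true, "allowed": [{"IPProtocol": "all"}]}]""")
if __name__ == "__main__":
    print(who_can_deploy(SAMPLE_POLICY), open_ingress_rules(SAMPLE_RULES), sep="\n")
```

Any member in the first result that you do not recognise, and any rule in the second whose ports your project does not need, is what to remove or narrow.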
