
Security - App Engine multitenancy (Python)


We have a legacy .exe solution running on industrial clients' desktops that I need to port over to Google App Engine. All clients will have the same version of the app, no code customization. We need to be sure that data will not be leaked between different clients of the new GAE app or be snooped on by some external party.

So I have a couple of questions that I hope someone will be able to help me out with.

Option 1: Use namespaces to separate clients' data. This seems quite robust at the Datastore level; without the proper namespace, data would not be served. Since we have the company name of each user, I would presume this would be quite secure against leaks.

Q1: Which precautions do I need to take to avoid someone guessing or hacking at URLs to get to unauthorized data?

Option 2: We could have a separate instance of the code and datastore for each client. This would give the optimal separation between clients.

Q2: Is there a tool or API to "clone" a given GAE app to many clients? We would feed the list of clients and update the code to all those instances in one go.

Thanks!


Solution

  • Which precautions do I need to take to avoid someone guessing or hacking at URLs to get to unauthorized data?

    Namespaces are not a security mechanism for Datastore. A user with access to one partition in a project has access to all partitions in the project. Namespaces provide a way to organize your entities within a project.

  • Is there a tool or API to "clone" a given GAE app to many clients? We would feed the list of clients and update the code to all those instances in one go.

    To have completely isolated instances of services, you can create new projects programmatically using the Cloud Resource Manager API and access resources across projects.
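Since the namespace itself does not enforce access, the check against guessed or tampered URLs has to happen in the application: bind each request to the tenant of the authenticated user and refuse anything else. The following is an added example, not code from the question or the answer; the user directory, the tenant names and the in-memory store are constructed stand-ins for the real directory and for Datastore, and in the App Engine runtime the resolved name would be handed to `google.appengine.api.namespace_manager.set_namespace()`.

```python
"""Tenant isolation for a multi-tenant App Engine (Python) service.

Added example. The tenant (Datastore namespace) is derived from the
authenticated user's identity, never from anything in the URL, so a guessed
or tampered URL cannot reach another client's partition. USER_DIRECTORY and
STORE are constructed stand-ins for the real user directory and Datastore.
"""
import re

# Datastore namespace names: up to 100 chars from [0-9A-Za-z._-].
_NAMESPACE_RE = re.compile(r"^[0-9A-Za-z._-]{1,100}$")

# Constructed directory: authenticated user -> company (tenant) name.
USER_DIRECTORY = {
    "alice@acme.example": "acme",
    "bob@globex.example": "globex",
}

# Constructed stand-in for Datastore: {namespace: {entity key: entity}}.
STORE = {
    "acme": {"order-1": {"customer": "Acme Corp", "total": 120}},
    "globex": {"order-1": {"customer": "Globex", "total": 75}},
}


class TenantError(Exception):
    """Raised when a request cannot be bound to exactly one tenant."""


def resolve_namespace(user_email, requested_tenant=None):
    """Return the namespace for the signed-in user.

    The namespace comes only from the directory entry of the authenticated
    user. If the client also sent a tenant id (for example in the URL), it
    must match; a mismatch is a cross-tenant access attempt and is refused.
    """
    tenant = USER_DIRECTORY.get(user_email)
    if tenant is None:
        raise TenantError("unknown user: %s" % user_email)
    if not _NAMESPACE_RE.match(tenant):
        raise TenantError("invalid namespace for tenant: %r" % tenant)
    if requested_tenant is not None and requested_tenant != tenant:
        raise TenantError("%s is not a member of tenant %s"
                          % (user_email, requested_tenant))
    return tenant


def fetch_entity(user_email, key, requested_tenant=None):
    """Load `key` from the caller's own namespace only; None if absent."""
    namespace = resolve_namespace(user_email, requested_tenant)
    return STORE.get(namespace, {}).get(key)
```

A request for `order-1` returns a different entity for each tenant because the partition is chosen server-side, and a request that names another tenant in the URL is refused before any lookup happens.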