A private secure web application on the Google App Engine

Lately I have been rewriting the dashboard that I use to monitor the health of my business as a GWT application running on the Google App Engine.

It turns out that it is straightforward to create a private secure web application on Google App Engine by restricting authentication and enforcing SSL encryption.

The following web.xml snippet shows how to make sure only the administrator (you) can access the application over an SSL connection:

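<security-constraint>
  <!-- Apply the constraint to every URL in the application -->
  <web-resource-collection>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <!-- On App Engine, "admin" means a registered administrator of the application -->
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <!-- CONFIDENTIAL requires HTTPS; plain HTTP requests are redirected to HTTPS -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>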
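
A constraint like this is easy to weaken during later edits, so here is a small pre-deployment check, added as an example and not part of the original post, that parses a web.xml and reports when /* is no longer admin-only over HTTPS. The function name audit_web_xml and both sample documents are constructed for illustration; the http-method check reflects the servlet rule that listing methods leaves the unlisted ones unconstrained.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs: the page's constraint, and a weakened variant.
HARDENED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

WEAK = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _texts(elem, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [(e.text or "").strip() for e in elem.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(xml_text):
    """Return findings; an empty list means /* is admin-only and HTTPS-only."""
    root = ET.fromstring(xml_text)
    findings, covered = [], False
    for sc in root.iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        if "/*" not in _texts(sc, "url-pattern"):
            continue  # constraint does not cover the whole application
        covered = True
        if _texts(sc, "role-name") != ["admin"]:
            findings.append("auth-constraint is not restricted to role 'admin'")
        if _texts(sc, "transport-guarantee") != ["CONFIDENTIAL"]:
            findings.append("transport-guarantee is not CONFIDENTIAL")
        if _texts(sc, "http-method"):
            findings.append("http-method list leaves other HTTP methods unconstrained")
    if not covered:
        findings.append("no security-constraint covers /*")
    return findings

if __name__ == "__main__":
    for name, doc in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_web_xml(doc) or "OK")
```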

That's an interesting new interpretation of "private and secure". Do you really want Google to own this data? Do you really want your "private" data under the control of a commercial enterprise (whose core business is selling advertisements based around other people's data) subject to the laws of a country over which you have no democratic control?

My interpretation of "private" is a bit different than yours I think. I wonder if people think these things through. Google is not a non-profit organization. Anything you put in, you will never be able to take out.

Yes, I have thought this through and I have made a cost/benefit analysis. In this specific case I have no problem "handing over" this specific data to Google.

Well, first of all, if Google were to use that data after they declared they never would, you can sue them for a lot of money. Besides that, they will lose their reputation; reputation especially is worth the most for a company, and without it you are nothing. Secondly (depending on the size of your organization), you can choose to use Google Apps for certain jobs where the data is not classified. I can imagine you keep, for example, the accounting stuff local, but some processing data which has not much value for outsiders you can use with Google Apps.
