Hi Rajkumar,

On Thu, Apr 8, 2010 at 5:14 PM, Rajkumar Radhakrishnan <[email protected]> wrote:
> Hi,
>
> I will have to let you know of a possibility of a loophole, so that it can
> be fixed by Google App Engine developers - which has been of concern to me
> for some time now.
>
> This thread here talks about uploading a part of the application..
>
> http://groups.google.com/group/google-appengine/browse_thread/thread/3bf636ee0010d80?pli=1
>
> *djidjadji* writes:
>
> *appcfg.py will only upload the changed files.*
> *It first collects hash-md5 values for all files that are part of the*
> *application.*
> *Sends these hash values to the server, in filename-hash combos.*
> *The server returns the filenames it does not have, in any of the*
> *versions of the app.*
> *Then appcfg.py uploads these files.*
> *....*
>
> *thanhnv* says:
>
> *...So, I have edited a*
> *little code of appcfg.py to solve this issue....*
>
> Reading this, I believe it should be possible to hack with appcfg.py (under
> google/appengine/tools/appcfg.py) and make it upload part of the file -
> specifically a new version of app.yaml with just the code to enable the
> downloading of source files - either in the approach Nick Johnson has
> mentioned in the StackOverFlow article or if you search around, you should
> be able to find request handler code to do that specifically.
>
> After this partial deployment, you should have the version with the old
> files residing along with the new set of files to download the source files
> and with the new app.yaml to trigger that download code.
>

The deployment process requires appcfg to provide a manifest of the names and SHA1 hashes of all the files being uploaded. Thus, modifying appcfg to do a 'partial update' such as you describe would require you to have the SHA1 hashes and filepaths of all the files in the app - and acquiring those hashes is likely to require having the source code in the first place!

-Nick Johnson

> Now you can execute the new code to get a back up of your old files.
>
> This is just theory, I did not have the time to test it out. I suggest you
> to deploy a test app with some simulate this first before you attempt this
> on your existing app. If it works, let this group know.
>
> For if it works, it goes against the notion that GAE allows source
> protection for developers when they upload their code to third-parties. The
> scenario is : typically 3rd parties can signup for App Engine and grant
> developer access to the person who wrote the code (or owns it) to upload it
> to their application instance. Not having the option to download code
> protects the rights of the developer / code-owner. But if this approach
> works, then the 3rd party can in theory download that code using this
> approach, if they want to.
>
> So why am I exposing this possibility.. in the hope that it helps you for
> now and that Google App Engine folks will somehow plug this loophole soon.
> Plugging this loop-hole can mean that..
>
> "smart update" feature of uploading changed files will have to go,
> (or)
> "smart update" will be disabled by default for all apps and can be enabled,
> if required
> (or)
> better measures to check that the "smart update" feature has not been
> misused - a bit difficult, if not impossible.
>
> If the loop-hole exists and is not fixed -- then it is equivalent of having
> a "download code" option in the administrative console and developers can
> think about source code licensing options.
>
> GAE folks, feel free to correct me if my assumptions on the possibility are
> wrong. I will be glad to hear that.
>
> Thanks & Regards,
> R.Rajkumar
>
> 2010/4/8 Ricardo Sánchez-Sáez <[email protected]>
>
>> Hello,
>>
>> I reckon this has been asked many times, and the general answer is
>> that we should use a code revision or backup tool.
>>
>> I recently got my laptop stolen, and hadn't been careful enough with
>> my backups. Can somebody at Google help me recover my code?
>>
>> I found a tricky way to do this, but I am afraid I did not have the
>> remote api handlers installed.
>> - http://stackoverflow.com/questions/2479087/can-i-restore-my-source-code-that-has-been-uploaded-into-google-appengine/
>> How does one install remote api handlers? Is there a way I can install
>> the remote api handler without overwriting my app code?
>>
>> I tried to create a new empty version of my app and added
>>
>> handlers:
>> - url: /remote_api
>>   script: $PYTHON_LIB/google/appengine/ext/remote_api/handler.py
>>   login: admin
>>
>> to app.yaml, as instructed in
>> - http://code.google.com/appengine/articles/remote_api.html
>> but I get 404 error when trying to use remote_api_shell.py
>>
>> Thank you for your help.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Google App Engine" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected]<google-appengine%[email protected]>.
>> For more options, visit this group at
>> http://groups.google.com/group/google-appengine?hl=en.
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> http://crm.ifreetools.com

--
Nick Johnson, Developer Programs Engineer, App Engine
Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: 368047
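
The manifest requirement described in Nick Johnson's reply above, as an added example that is not part of the original thread and is not appcfg.py or App Engine code. It is a simplified model: `DeployServer`, `deploy` and the sample files are hypothetical, and it assumes a version consists of exactly the paths and SHA1 hashes listed in its manifest.

```python
import hashlib

def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()

def build_manifest(files):
    # Client side: path -> SHA1 for every file the new version will contain.
    return {path: sha1_hex(body) for path, body in files.items()}

class DeployServer:
    """Toy server model (assumption, not App Engine's implementation)."""
    def __init__(self):
        self.blobs = {}      # sha1 -> content, shared across all versions
        self.versions = {}   # version id -> {path: sha1}

    def missing(self, manifest):
        return sorted(p for p, h in manifest.items() if h not in self.blobs)

    def upload(self, manifest, path, body):
        if sha1_hex(body) != manifest[path]:
            raise ValueError("content does not match manifest: " + path)
        self.blobs[manifest[path]] = body

    def commit(self, version, manifest):
        if self.missing(manifest):
            raise ValueError("no content for: " + ", ".join(self.missing(manifest)))
        # A version is exactly what its manifest lists; nothing is inherited.
        self.versions[version] = dict(manifest)

def deploy(server, version, files):
    # "Smart update": upload only what the server lacks, return those paths.
    manifest = build_manifest(files)
    needed = server.missing(manifest)
    for path in needed:
        server.upload(manifest, path, files[path])
    server.commit(version, manifest)
    return needed

# Constructed sample files.
V1 = {"app.yaml": b"version: 1\n", "main.py": b"print('owner code')\n"}
V2 = {"app.yaml": b"version: 1\n", "main.py": b"print('owner code v2')\n"}
PARTIAL = {"app.yaml": b"version: 3\n", "handler.py": b"# new handler\n"}

def demo():
    server = DeployServer()
    first = deploy(server, "1", V1)     # every file is new to the server
    second = deploy(server, "2", V2)    # only main.py changed
    deploy(server, "3", PARTIAL)        # manifest does not list main.py
    return server, first, second, sorted(server.versions["3"])
```

In this model the deduplication only saves upload bandwidth: a path that is not in the manifest is not in the new version, and a manifest entry is accepted without upload only when its SHA1 matches content the server already holds.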
