Best option for Google App Engine Datastore and external database?


Problem description

I need to get an App Engine app talking to and sharing data with an external database,

The best option I can come up with is outputting the external database data to an XML file and then processing this in my App Engine app and storing it inside the datastore,

although the data being shared is sensitive data such as login details, so outputting this to an XML file is not exactly a great idea. Is it possible for the App Engine app to directly query the database? Or is there a secure option for using XML files?

Oh, and I'm using Python/Django, and the external database will be hosted on another domain.

Recommended answer

Google Apps' Secure Data Connector (SDC) is designed for this kind of task -- indeed, it even works when the "other database" lives behind a firewall (a common case for enterprise data), and for other Google Apps (Docs, Spreadsheets, ...) as well as App Engine.

As the docs summarize things, the flow is:


  1. Google Apps forwards authorized data requests from users who are within the Google Apps domain to the Google tunnel protocol servers.

  2. The tunnel servers validate that a user is authorized to make the request to the specified resource. Google tunnel servers are connected by an encrypted tunnel to SDC, which runs within a company's internal network.

  3. The tunnel protocol allows SDC to connect to a Google tunnel server, authenticate, and encrypt the data that flows across the Internet.

  4. SDC uses resource rules to validate if a user is authorized to make a request to a specified resource.

  5. An optional intranet firewall can be used to provide extra network security.

  6. SDC performs a network request to the specified resource or services.

  7. The service validates the signed request, checks the credentials, and if the user is authorized, returns the data.

If you don't have to worry about firewalls, and have no security worries whatsoever, you can simplify things (as Daniel's answer suggests) by just using urlfetch directly (no tunnels, no validation, no encryption, no filtering, ...) -- but your worry about "the data being shared is sensitive data such as login details" suggests that this is not the case.

It's not a problem of XML vs other formats -- the problem is that sensitive data should not travel "in clear" over unprotected channels, nor be made available to all and sundry, and it's often nicer to have specialized infrastructure deal with encryption, filtering, and authorization problems, as the SDC does, rather than having to code all of this (and make it totally secure and locked-down) in your own app or specialized infrastructure middleware. For these purposes, the SDC can be very helpful, even if you only need a fraction of its functionality.
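The last steps of the flow above (resource rules, then a service that validates a signed request before returning data) can be sketched as follows; this is an added example, not part of the original answer and not SDC's actual request format or configuration. The HMAC scheme, the key, the rule table and the function names are all assumptions made for illustration, and the request is assumed to travel over TLS, which the sketch does not show.

```python
import hashlib
import hmac
import re
import time

# Constructed sample values: key and rules are placeholders, not SDC configuration.
SHARED_KEY = b"example-key-provisioned-out-of-band"
MAX_SKEW = 300  # seconds a signed request stays valid

# Hypothetical resource rules: which users may request which URL patterns.
RESOURCE_RULES = [
    {"users": {"alice@example.com"},
     "url": r"https://db\.example\.com/accounts/\d+"},
    {"users": {"alice@example.com", "bob@example.com"},
     "url": r"https://db\.example\.com/status"},
]


def sign(user, url, ts, key=SHARED_KEY):
    """Caller side: HMAC-SHA256 over user, URL and timestamp."""
    msg = "\n".join([user, url, str(ts)]).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def rule_allows(user, url):
    """Resource-rule check: user must be listed and the whole URL must match."""
    return any(user in rule["users"] and re.fullmatch(rule["url"], url)
               for rule in RESOURCE_RULES)


def validate(user, url, ts, signature, now=None):
    """Service side: return (ok, reason), denying on the first failed check."""
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW:
        return False, "stale"  # old captures cannot be replayed later
    expected = sign(user, url, ts)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode("utf-8"), signature.encode("utf-8")):
        return False, "bad signature"
    if not rule_allows(user, url):
        return False, "not authorized"
    return True, "ok"
```
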
