GAE的任务,是通过设计安全的网址吗? [英] GAE task, are the urls secure by design?
问题描述
我的问题是关于安全性的问题,如果我定义一个如下所示的队列:
- url:/ queues / long-task
script:urlhandlers.QueueLongTask.app
login: admin
我会确定/队列/长时间任务只能由管理员和任务系统?
预先感谢您
您是正确的,请登录:admin处理它。
这里您可以找到关于文档的更多信息:
https://cloud.google.com/appengine/docs/python / taskqueue / overview-push#Python_Securing_URLs_for_tasks
您也可以使用 X-AppEngine-QueueName 如果您只想在执行任务时执行特定的操作:
这些标头由Google App Engine内部设置,如果您的请求处理程序发现任何这些头文件可以相信这个请求是一个Task Queue请求,如果上面的头文件存在于你的应用程序的外部用户请求中,它们将被删除。
I'm trying to wrap my head around Google App Engine and more specifically at the Tasks.
My question is about security, if I define a queue like :
- url: /queues/long-task
script: urlhandlers.QueueLongTask.app
login: admin
Will I be sure that the /queues/long-task can only be accessed by admin AND task system ? I was not able to find a reference about this in the Google documentation.
Thank you in advance
You are correct, login: admin takes care of it.
Here you can find more info on the documentation: https://cloud.google.com/appengine/docs/python/taskqueue/overview-push#Python_Securing_URLs_for_tasks
You can also use the headers like X-AppEngine-QueueName if you want to do specific things only when this is called from a task:
"These headers are set internally by Google App Engine. If your request handler finds any of these headers, it can trust that the request is a Task Queue request. If any of the above headers are present in an external user request to your app, they are stripped."
这篇关于GAE的任务,是通过设计安全的网址吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
