Have you tried this service? I might give it a spin. Any advice? On Tuesday, 3 April 2012 17:29:04 UTC+1, Jeff Schnitzer wrote: > > Yes, the connection between CloudFlare and Google is unencrypted (at > the moment). But it doesn't defeat the point - it depends on what > your threat model is. > > If you are sending credit card #s to your backend, this link is a > problem - it violates PCI requirements. For other data, it depends on > your level of sensitivity. The probability of someone intercepting > your data goes from "very high" at the browser to much, much lower at > your servers. Even Google's SSL service likely terminates at some > sort of border router and traverses their (private) network > unencrypted. > > Anyone in the security business will tell you there is no 100% way to > secure your system, only ways to reduce the risk. I'm sure that > someone out there has real statistics to back this up, but the biggest > threats to data security seem to be compromised machines, first-mile > snooping (FireSheep), poorly secured infrastructure (default > passwords), lost/unsecured laptops and backup tapes, and unscrupulous > employees. Last-mile snooping is not what keeps me up at night. > > Then again, if your website is designed to coordinate civil > disobedience in restrictive regimes, I would be a lot more concerned > about the security of that last mile. I might not even consider GAE > an acceptable hosting platform - there are a lot of employees at > Google, and maybe one of them would take a big fat stack of cash (or a > hero's welcome "back home") to sneak out a data dump. > > Security must be considered in context. > > Jeff > > On Tue, Apr 3, 2012 at 12:00 PM, Gwyn Howell <gwyn.how...@appogee.co.uk> > wrote: > > I was getting excited until I got to the line "With GAE, you use the > > “Flexible SSL” option instead of the “Full SSL” option. This provides > > encryption between the browser and CloudFlare, but plain HTTP between > > CloudFlare and Google.". Doesn't that defeat the object?! If it's only > > encrypted as far as cloudflare your still vulnerable for those http > requests > > between cloudflare and app engine, right?! > > > > > > On Tuesday, 3 April 2012 16:52:59 UTC+1, Jeff Schnitzer wrote: > >> > >> Or, if appropriate, use this: > >> > >> > http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine > >> > >> (CF is re-investigating whether they can run the last-mile in SSL too) > >> > >> Jeff > >> > >> On Tue, Apr 3, 2012 at 7:09 AM, Gwyn Howell <gwyn.how...@appogee.co.uk> > >> wrote: > >> > right. well as i'm sure your aware, ssl isn't available for custom > >> > domains > >> > on app engine. there is a trusted tester program running you may wish > to > >> > sign up > >> > > >> > > >> > On Tuesday, 3 April 2012 12:04:55 UTC+1, Ruben D. Orduz wrote: > >> >> > >> >> The problem he is having is that secure connections are only through > >> >> https://app.appspot.com and not through his custom domain. > >> >> On Apr 3, 2012 6:51 AM, "Gwyn Howell" <gwyn.how...@appogee.co.uk> > >> >> wrote: > >> >> > > >> >> > not sure i fully understand, but if you are finding that all your > >> >> > urls > >> >> > are being directed to https then you may wish to check your > app.yaml > >> >> > file > >> >> > for secure: always. > >> >> > > >> >> > Forgive me if I've misunderstood. > >> >> > > >> >> > > >> >> > On Friday, 16 March 2012 10:03:47 UTC, msanztru wrote: > >> >> >> > >> >> >> Hello, > >> >> >> > >> >> >> We have added a custom domain to our appengine app. We followed > the > >> >> >> isntructions changed everything but something went wrong and we > >> >> >> can't > >> >> >> find the way to fix it. The thing is that in the google apps > >> >> >> appengine > >> >> >> tab the main url specified is https://appid.appspot.com. However, > >> >> >> and > >> >> >> that means all traffic from the domain mappings will be sent to > the > >> >> >> https url, and of course this won't work. I don't know how this > >> >> >> https > >> >> >> url ended up there as in the app engine admin console, the app url > >> >> >> is > >> >> >> http://appid.appspot.com. > >> >> >> > >> >> >> We haven't find the way to change this url. We have tried to > disable > >> >> >> this app in google apps but it didn't work, it stays there. > >> >> >> > >> >> >> This is quite urgent, so any help will be really appreciated!! > >> >> >> > >> >> >> Thanks in advance! > >> >> > > >> >> > -- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups "Google App Engine" group. > >> >> > To view this discussion on the web visit > >> >> > https://groups.google.com/d/msg/google-appengine/-/OCpFcT_0ys4J. > >> >> > > >> >> > To post to this group, send email to > >> >> > google-appengine@googlegroups.com. > >> >> > To unsubscribe from this group, send email to > >> >> > google-appengine+unsubscr...@googlegroups.com. > >> >> > For more options, visit this group at > >> >> > http://groups.google.com/group/google-appengine?hl=en. > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Google App Engine" group. > >> > To view this discussion on the web visit > >> > https://groups.google.com/d/msg/google-appengine/-/zBj62V4r1GsJ. > >> > > >> > To post to this group, send email to > google-appengine@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > google-appengine+unsubscr...@googlegroups.com. > >> > For more options, visit this group at > >> > http://groups.google.com/group/google-appengine?hl=en. > > > > > > On Tuesday, 3 April 2012 16:52:59 UTC+1, Jeff Schnitzer wrote: > >> > >> Or, if appropriate, use this: > >> > >> > http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine > >> > >> (CF is re-investigating whether they can run the last-mile in SSL too) > >> > >> Jeff > >> > >> On Tue, Apr 3, 2012 at 7:09 AM, Gwyn Howell <gwyn.how...@appogee.co.uk> > >> wrote: > >> > right. well as i'm sure your aware, ssl isn't available for custom > >> > domains > >> > on app engine. there is a trusted tester program running you may wish > to > >> > sign up > >> > > >> > > >> > On Tuesday, 3 April 2012 12:04:55 UTC+1, Ruben D. Orduz wrote: > >> >> > >> >> The problem he is having is that secure connections are only through > >> >> https://app.appspot.com and not through his custom domain. > >> >> On Apr 3, 2012 6:51 AM, "Gwyn Howell" <gwyn.how...@appogee.co.uk> > >> >> wrote: > >> >> > > >> >> > not sure i fully understand, but if you are finding that all your > >> >> > urls > >> >> > are being directed to https then you may wish to check your > app.yaml > >> >> > file > >> >> > for secure: always. > >> >> > > >> >> > Forgive me if I've misunderstood. > >> >> > > >> >> > > >> >> > On Friday, 16 March 2012 10:03:47 UTC, msanztru wrote: > >> >> >> > >> >> >> Hello, > >> >> >> > >> >> >> We have added a custom domain to our appengine app. We followed > the > >> >> >> isntructions changed everything but something went wrong and we > >> >> >> can't > >> >> >> find the way to fix it. The thing is that in the google apps > >> >> >> appengine > >> >> >> tab the main url specified is https://appid.appspot.com. However, > >> >> >> and > >> >> >> that means all traffic from the domain mappings will be sent to > the > >> >> >> https url, and of course this won't work. I don't know how this > >> >> >> https > >> >> >> url ended up there as in the app engine admin console, the app url > >> >> >> is > >> >> >> http://appid.appspot.com. > >> >> >> > >> >> >> We haven't find the way to change this url. We have tried to > disable > >> >> >> this app in google apps but it didn't work, it stays there. > >> >> >> > >> >> >> This is quite urgent, so any help will be really appreciated!! > >> >> >> > >> >> >> Thanks in advance! > >> >> > > >> >> > -- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups "Google App Engine" group. > >> >> > To view this discussion on the web visit > >> >> > https://groups.google.com/d/msg/google-appengine/-/OCpFcT_0ys4J. > >> >> > > >> >> > To post to this group, send email to > >> >> > google-appengine@googlegroups.com. > >> >> > To unsubscribe from this group, send email to > >> >> > google-appengine+unsubscr...@googlegroups.com. > >> >> > For more options, visit this group at > >> >> > http://groups.google.com/group/google-appengine?hl=en. > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Google App Engine" group. > >> > To view this discussion on the web visit > >> > https://groups.google.com/d/msg/google-appengine/-/zBj62V4r1GsJ. > >> > > >> > To post to this group, send email to > google-appengine@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > google-appengine+unsubscr...@googlegroups.com. > >> > For more options, visit this group at > >> > http://groups.google.com/group/google-appengine?hl=en. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/google-appengine/-/ozUMh_dpwQkJ. > > > > To post to this group, send email to google-appengine@googlegroups.com. > > To unsubscribe from this group, send email to > > google-appengine+unsubscr...@googlegroups.com. > > For more options, visit this group at > > http://groups.google.com/group/google-appengine?hl=en. > > On Tuesday, 3 April 2012 17:29:04 UTC+1, Jeff Schnitzer wrote: > > Yes, the connection between CloudFlare and Google is unencrypted (at > the moment). But it doesn't defeat the point - it depends on what > your threat model is. > > If you are sending credit card #s to your backend, this link is a > problem - it violates PCI requirements. For other data, it depends on > your level of sensitivity. The probability of someone intercepting > your data goes from "very high" at the browser to much, much lower at > your servers. Even Google's SSL service likely terminates at some > sort of border router and traverses their (private) network > unencrypted. > > Anyone in the security business will tell you there is no 100% way to > secure your system, only ways to reduce the risk. I'm sure that > someone out there has real statistics to back this up, but the biggest > threats to data security seem to be compromised machines, first-mile > snooping (FireSheep), poorly secured infrastructure (default > passwords), lost/unsecured laptops and backup tapes, and unscrupulous > employees. Last-mile snooping is not what keeps me up at night. > > Then again, if your website is designed to coordinate civil > disobedience in restrictive regimes, I would be a lot more concerned > about the security of that last mile. I might not even consider GAE > an acceptable hosting platform - there are a lot of employees at > Google, and maybe one of them would take a big fat stack of cash (or a > hero's welcome "back home") to sneak out a data dump. > > Security must be considered in context. > > Jeff > > On Tue, Apr 3, 2012 at 12:00 PM, Gwyn Howell <gwyn.how...@appogee.co.uk> > wrote: > > I was getting excited until I got to the line "With GAE, you use the > > “Flexible SSL” option instead of the “Full SSL” option. This provides > > encryption between the browser and CloudFlare, but plain HTTP between > > CloudFlare and Google.". Doesn't that defeat the object?! If it's only > > encrypted as far as cloudflare your still vulnerable for those http > requests > > between cloudflare and app engine, right?! > > > > > > On Tuesday, 3 April 2012 16:52:59 UTC+1, Jeff Schnitzer wrote: > >> > >> Or, if appropriate, use this: > >> > >> > http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine > >> > >> (CF is re-investigating whether they can run the last-mile in SSL too) > >> > >> Jeff > >> > >> On Tue, Apr 3, 2012 at 7:09 AM, Gwyn Howell <gwyn.how...@appogee.co.uk> > >> wrote: > >> > right. well as i'm sure your aware, ssl isn't available for custom > >> > domains > >> > on app engine. there is a trusted tester program running you may wish > to > >> > sign up > >> > > >> > > >> > On Tuesday, 3 April 2012 12:04:55 UTC+1, Ruben D. Orduz wrote: > >> >> > >> >> The problem he is having is that secure connections are only through > >> >> https://app.appspot.com and not through his custom domain. > >> >> On Apr 3, 2012 6:51 AM, "Gwyn Howell" <gwyn.how...@appogee.co.uk> > >> >> wrote: > >> >> > > >> >> > not sure i fully understand, but if you are finding that all your > >> >> > urls > >> >> > are being directed to https then you may wish to check your > app.yaml > >> >> > file > >> >> > for secure: always. > >> >> > > >> >> > Forgive me if I've misunderstood. > >> >> > > >> >> > > >> >> > On Friday, 16 March 2012 10:03:47 UTC, msanztru wrote: > >> >> >> > >> >> >> Hello, > >> >> >> > >> >> >> We have added a custom domain to our appengine app. We followed > the > >> >> >> isntructions changed everything but something went wrong and we > >> >> >> can't > >> >> >> find the way to fix it. The thing is that in the google apps > >> >> >> appengine > >> >> >> tab the main url specified is https://appid.appspot.com. However, > >> >> >> and > >> >> >> that means all traffic from the domain mappings will be sent to > the > >> >> >> https url, and of course this won't work. I don't know how this > >> >> >> https > >> >> >> url ended up there as in the app engine admin console, the app url > >> >> >> is > >> >> >> http://appid.appspot.com. > >> >> >> > >> >> >> We haven't find the way to change this url. We have tried to > disable > >> >> >> this app in google apps but it didn't work, it stays there. > >> >> >> > >> >> >> This is quite urgent, so any help will be really appreciated!! > >> >> >> > >> >> >> Thanks in advance! > >> >> > > >> >> > -- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups "Google App Engine" group. > >> >> > To view this discussion on the web visit > >> >> > https://groups.google.com/d/msg/google-appengine/-/OCpFcT_0ys4J. > >> >> > > >> >> > To post to this group, send email to > >> >> > google-appengine@googlegroups.com. > >> >> > To unsubscribe from this group, send email to > >> >> > google-appengine+unsubscr...@googlegroups.com. > >> >> > For more options, visit this group at > >> >> > http://groups.google.com/group/google-appengine?hl=en. > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Google App Engine" group. > >> > To view this discussion on the web visit > >> > https://groups.google.com/d/msg/google-appengine/-/zBj62V4r1GsJ. > >> > > >> > To post to this group, send email to > google-appengine@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > google-appengine+unsubscr...@googlegroups.com. > >> > For more options, visit this group at > >> > http://groups.google.com/group/google-appengine?hl=en. > > > > > > On Tuesday, 3 April 2012 16:52:59 UTC+1, Jeff Schnitzer wrote: > >> > >> Or, if appropriate, use this: > >> > >> > http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine > >> > >> (CF is re-investigating whether they can run the last-mile in SSL too) > >> > >> Jeff > >> > >> On Tue, Apr 3, 2012 at 7:09 AM, Gwyn Howell <gwyn.how...@appogee.co.uk> > >> wrote: > >> > right. well as i'm sure your aware, ssl isn't available for custom > >> > domains > >> > on app engine. there is a trusted tester program running you may wish > to > >> > sign up > >> > > >> > > >> > On Tuesday, 3 April 2012 12:04:55 UTC+1, Ruben D. Orduz wrote: > >> >> > >> >> The problem he is having is that secure connections are only through > >> >> https://app.appspot.com and not through his custom domain. > >> >> On Apr 3, 2012 6:51 AM, "Gwyn Howell" <gwyn.how...@appogee.co.uk> > >> >> wrote: > >> >> > > >> >> > not sure i fully understand, but if you are finding that all your > >> >> > urls > >> >> > are being directed to https then you may wish to check your > app.yaml > >> >> > file > >> >> > for secure: always. > >> >> > > >> >> > Forgive me if I've misunderstood. > >> >> > > >> >> > > >> >> > On Friday, 16 March 2012 10:03:47 UTC, msanztru wrote: > >> >> >> > >> >> >> Hello, > >> >> >> > >> >> >> We have added a custom domain to our appengine app. We followed > the > >> >> >> isntructions changed everything but something went wrong and we > >> >> >> can't > >> >> >> find the way to fix it. The thing is that in the google apps > >> >> >> appengine > >> >> >> tab the main url specified is https://appid.appspot.com. However, > >> >> >> and > >> >> >> that means all traffic from the domain mappings will be sent to > the > >> >> >> https url, and of course this won't work. I don't know how this > >> >> >> https > >> >> >> url ended up there as in the app engine admin console, the app url > >> >> >> is > >> >> >> http://appid.appspot.com. > >> >> >> > >> >> >> We haven't find the way to change this url. We have tried to > disable > >> >> >> this app in google apps but it didn't work, it stays there. > >> >> >> > >> >> >> This is quite urgent, so any help will be really appreciated!! > >> >> >> > >> >> >> Thanks in advance! > >> >> > > >> >> > -- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups "Google App Engine" group. > >> >> > To view this discussion on the web visit > >> >> > https://groups.google.com/d/msg/google-appengine/-/OCpFcT_0ys4J. > >> >> > > >> >> > To post to this group, send email to > >> >> > google-appengine@googlegroups.com. > >> >> > To unsubscribe from this group, send email to > >> >> > google-appengine+unsubscr...@googlegroups.com. > >> >> > For more options, visit this group at > >> >> > http://groups.google.com/group/google-appengine?hl=en. > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Google App Engine" group. > >> > To view this discussion on the web visit > >> > https://groups.google.com/d/msg/google-appengine/-/zBj62V4r1GsJ. > >> > > >> > To post to this group, send email to > google-appengine@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > google-appengine+unsubscr...@googlegroups.com. > >> > For more options, visit this group at > >> > http://groups.google.com/group/google-appengine?hl=en. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/google-appengine/-/ozUMh_dpwQkJ. > > > > To post to this group, send email to google-appengine@googlegroups.com. > > To unsubscribe from this group, send email to > > google-appengine+unsubscr...@googlegroups.com. > > For more options, visit this group at > > http://groups.google.com/group/google-appengine?hl=en. > >
-- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/T5wymn81_ZoJ. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
