Endpoint Protection offers security management which includes adequate securing list of endpoints that includes laptops, smartphones, desktops and other Internet of things. https://360.comodo.com/security-solutions/endpoint-protection/
On Monday, July 31, 2017 at 9:36:38 PM UTC+5:30, Yannick (Cloud Platform Support) wrote: > > If you want to restrict access to your endpoint using an API key you > should not have to worry about clients. You say you only want to server > requests from a certain domain (eg: domain.com) correct? In that case > users of that domain would make requests to it, and the server of > domain.com would be the one to use its API key to call your Endpoint. > This way users of domain.com are never in possession of your API key. > > On Friday, July 28, 2017 at 8:12:05 PM UTC-4, Raunak Gupta wrote: >> >> Hi Yannick, >> >> Namespaces make sense for various environments - Prod / Stage, etc. >> >> I'm not 100% clear on the part where I restrict Google Endpoint to serve >> only the requests coming from domain.com. The thing I am trying to avoid >> is for "bad guys" calling my API from their machines. I can add client API >> keys to my Endpoint, but these keys can be easily obtained by looking at >> the HTML. I hope you see what my concern is here. >> >> On Friday, 28 July 2017 20:28:58 UTC+1, Yannick (Cloud Platform Support) >> wrote: >>> >>> Hello, welcome to the forums. >>> >>> 1) You can choose which URLs you want to restrict in your Java >>> application using security constraints >>> <https://cloud.google.com/appengine/docs/standard/java/config/webxml#Security_and_Authentication>. >>> >>> That way only someone logged in as a developer or your application itself >>> can access that endpoint. >>> 2) There are many ways to implement having a staging and production >>> environment. You could use a separate service >>> <https://cloud.google.com/appengine/docs/standard/java/an-overview-of-app-engine> >>> as >>> your staging environment. Several App Engine services such as Datastore >>> will also let you use namespaces >>> <https://cloud.google.com/appengine/docs/standard/java/multitenancy/> to >>> keep the data of your environment separates. Finally you could simply >>> create a different cloud project and use that as your staging environment. >>> >>> I hope this helps. Let me know if I can clarify anything for you. >>> >>> On Friday, July 28, 2017 at 12:39:06 PM UTC-4, Raunak Gupta wrote: >>>> >>>> **Hoping to get some insights from the community. ** >>>> >>>> With a Google Endpoint version 2 app (Java 8) deployed on GAE, the >>>> project becomes available under the url <project-name>.appspot.com. >>>> >>>> I had few questions around deployment and security: >>>> >>>> 1. The URL <project-name>.appspot.com is accessible by everyone by >>>> default. How do I restrict it so only that Endpoint only responds to >>>> requests coming from my domain or my sub-domain. >>>> 2. How do you go about deployment such that you have a staging >>>> environment and a production environment >>>> >>>> Many thanks for your time responding to this. >>>> >>> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/60060880-a629-4628-b7c6-0495222c9702%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
