Plead: help me download my app code


Ricardo Sánchez-Sáez

Apr 7, 2010, 9:17:43 PM
to Google App Engine
Hello,

I reckon this has been asked many times, and the general answer is
that we should use a code revision or backup tool.

I recently got my laptop stolen, and hadn't been careful enough with
my backups. Can somebody at Google help me recover my code?

I found a tricky way to do this, but I am afraid I did not have the
remote api handlers installed.
- http://stackoverflow.com/questions/2479087/can-i-restore-my-source-code-that-has-been-uploaded-into-google-appengine/
How does one install remote api handlers? Is there a way I can install
the remote api handler without overwriting my app code?

I tried to create a new empty version of my app and added

handlers:
- url: /remote_api
  script: $PYTHON_LIB/google/appengine/ext/remote_api/handler.py
  login: admin

to app.yaml, as instructed in
- http://code.google.com/appengine/articles/remote_api.html
but I get 404 error when trying to use remote_api_shell.py

Thank you for your help.

Rajkumar Radhakrishnan

Apr 8, 2010, 12:14:23 PM
to google-a...@googlegroups.com
Hi,

I will have to let you know of a possibility of a loophole, so that it can be fixed by Google App Engine developers - which has been of concern to me for some time now.

This thread here talks about uploading a part of the application..

djidjadji writes :

appcfg.py will only upload the changed files. 
It first collects hash-md5 values for all files that are part of the 
application. 
Sends these hash values to the server, in filename-hash combos. 
The server returns the filenames it does not have, in any of the 
versions of the app. 
Then appcfg.py uploads these files. 
....

thanhnv says :

...So, I have edited a 
little code of appcfg.py to solve this issue.... 

Reading this, I believe it should be possible to hack with appcfg.py (under google/appengine/tools/appcfg.py) and make it upload part of the file - specifically a new version of app.yaml with just the code to enable the downloading of source files - either in the approach Nick Johnson has mentioned in the Stack Overflow article or if you search around, you should be able to find request handler code to do that specifically.

After this partial deployment, you should have the version with the old files residing along with the new set of files to download the source files and with the new app.yaml to trigger that download code.

Now you can execute the new code to get a back up of your old files. 

This is just theory, I did not have the time to test it out. I suggest you deploy a test app to simulate this first before you attempt this on your existing app. If it works, let this group know.

For if it works, it goes against the notion that GAE allows source protection for developers when they upload their code to third-parties. The scenario is : typically 3rd parties can signup for App Engine and grant developer access to the person who wrote the code (or owns it) to upload it to their application instance. Not having the option to download code protects the rights of the developer / code-owner. But if this approach works, then the 3rd party can in theory download that code using this approach, if they want to.

So why am I exposing this possibility.. in the hope that it helps you for now and that Google App Engine folks will somehow plug this loophole soon. Plugging this loop-hole can mean that..

"smart update" feature of uploading changed files will have to go, 
(or)
"smart update" will be disabled by default for all apps and can be enabled, if required
(or) 
better measures to check that the "smart update" feature has not been misused - a bit difficult, if not impossible. 

If the loop-hole exists and is not fixed -- then it is equivalent of having a "download code" option in the administrative console and developers can think about source code licensing options.

GAE folks, feel free to correct me if my assumptions on the possibility are wrong. I will be glad to hear that.

Thanks & Regards,
R.Rajkumar

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://crm.ifreetools.com

Nick Johnson (Google)

Apr 8, 2010, 12:19:44 PM
to google-a...@googlegroups.com
Hi Rajkumar,

On Thu, Apr 8, 2010 at 5:14 PM, Rajkumar Radhakrishnan <r.raj...@gmail.com> wrote:
> Hi,
>
> I will have to let you know of a possibility of a loophole, so that it can be fixed by Google App Engine developers - which has been of concern to me for some time now.
>
> This thread here talks about uploading a part of the application..
>
> djidjadji writes :
>
> appcfg.py will only upload the changed files.
> It first collects hash-md5 values for all files that are part of the
> application.
> Sends these hash values to the server, in filename-hash combos.
> The server returns the filenames it does not have, in any of the
> versions of the app.
> Then appcfg.py uploads these files.
> ....
>
> thanhnv says :
>
> ...So, I have edited a
> little code of appcfg.py to solve this issue....
>
> Reading this, I believe it should be possible to hack with appcfg.py (under google/appengine/tools/appcfg.py) and make it upload part of the file - specifically a new version of app.yaml with just the code to enable the downloading of source files - either in the approach Nick Johnson has mentioned in the Stack Overflow article or if you search around, you should be able to find request handler code to do that specifically.
>
> After this partial deployment, you should have the version with the old files residing along with the new set of files to download the source files and with the new app.yaml to trigger that download code.

The deployment process requires appcfg to provide a manifest of the names and SHA1 hashes of all the files being uploaded. Thus, modifying appcfg to do a 'partial update' such as you describe would require you to have the SHA1 hashes and filepaths of all the files in the app - and acquiring those hashes is likely to require having the source code in the first place!

-Nick Johnson



--
Nick Johnson, Developer Programs Engineer, App Engine
Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: 368047

Rajkumar Radhakrishnan

Apr 8, 2010, 12:23:17 PM
to google-a...@googlegroups.com
Glad to hear that, Nick Johnson, now I can sleep peacefully. 
And, sorry Ricardo Sánchez-Sáez, that might not be useful.

Regards,
R.Rajkumar
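
A simplified model of the manifest-based deployment Nick Johnson describes in his reply above, added here as an illustration. It is not appcfg.py or App Engine code: ToyAppServer, deploy and partial_deploy are hypothetical names and all file contents are constructed. It shows that a new version holds only the files whose SHA1 hashes its manifest names, so existing files cannot be carried into a new version without already knowing their contents.

```python
import hashlib

def sha1(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

class ToyAppServer:
    """Constructed model of a content-addressed deploy, not App Engine's real API."""
    def __init__(self):
        self.blobs = {}      # sha1 -> content, shared by all versions of the app
        self.versions = {}   # version id -> {path: sha1}

    def begin(self, manifest):
        """Return the paths whose content the server does not already hold."""
        return sorted(p for p, h in manifest.items() if h not in self.blobs)

    def commit(self, version, manifest, uploads):
        """Store uploads, then accept the version only if every hash resolves."""
        for path, data in uploads.items():
            if sha1(data) != manifest[path]:
                raise ValueError("hash mismatch for " + path)
            self.blobs[sha1(data)] = data
        missing = [p for p, h in manifest.items() if h not in self.blobs]
        if missing:
            raise ValueError("no content for " + ", ".join(missing))
        self.versions[version] = dict(manifest)

def deploy(server, version, files):
    """Normal client: hash every local file, upload only what the server lacks."""
    manifest = {p: sha1(d) for p, d in files.items()}
    needed = server.begin(manifest)
    server.commit(version, manifest, {p: files[p] for p in needed})
    return needed

def partial_deploy(server, version, new_files, claimed_hashes):
    """Client without the old source: any file it wants kept must be named by hash."""
    manifest = {p: sha1(d) for p, d in new_files.items()}
    manifest.update(claimed_hashes)
    needed = server.begin(manifest)
    uploads = {p: new_files[p] for p in needed if p in new_files}
    try:
        server.commit(version, manifest, uploads)
    except ValueError:
        return False   # a claimed hash matched no stored content
    return True
```

A manifest that lists only a new app.yaml is accepted, but the resulting version contains no other files; a manifest that names main.py with a hash not computed from the real file is rejected.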