authentication for non web based python apps


liu

Jul 28, 2011, 7:35:15 AM
to Google App Engine
Hi all,

Currently, we are deploying a wireless sensor network at one of the
leading international semiconductor companies in the UK to monitor the
efficiency of their facilities. We are building a non web based python
application which resides on GAE. The situation is this:

I have built another non web based python application on a remote PC
to gather the data from the wireless sensor network and send that
information via https to the python application on GAE, and put it
into the google data store.

Our customer requires https for the data communication. My current
strategy is to use what GAE suggests, the "login" and "secure" features
enabled in the app.yaml file, but I think this is for web based
application authentication, is that right?

The question is: I have no problem sending data from the python app at
the PC end to GAE without authentication, but if this is enabled, the
python app can't send data to GAE even if I am logged in using the admin
account in the web browser. So I think logging in from web using my
Google account will enable the non web based python application to be
authorised for data communication over https. Am I right?

I have looked at OAuth, but it seems to me I still need to do the web
sign-in before the data consumer app can act on behalf of users. In
addition, my understanding is that the data consumer app is also web
based.

Can anyone make some suggestions for our specific situation please?
How to make the auto sign-in for the data communication over https
between two non web based python apps?

Thank you very much.

Best regards,

Ruoshui

Stephen Johnson

Jul 28, 2011, 12:36:29 PM
to google-a...@googlegroups.com
Hi Ruoshui,
Your app can use "https" regardless of whether or not you use any type of login authentication. "https" causes the http data transmission to be encrypted, it doesn't have anything to do with actually logging in to your app or not. So, when your python app makes the "http" request, replace it with an "https" url instead. If in addition, you want to make sure that your client-side app is the only one sending data to it just as a precaution then just add a "password/identifier" to the request that the server validates and have some mechanism to change this on both the client and server side, but it doesn't sound like that is even necessary from what you're saying, the company just doesn't want the data sent over the internet in plain text. You can check that requests are being sent over https by checking the Quota Details page once you've made the changes to your client-side app. You could also add to your request handlers on the server-side that any communication that isn't https be rejected as a further precaution.

Stephen
CortexConnect



--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.


liu

Jul 28, 2011, 3:30:54 PM
to Google App Engine
Hi Stephen,

Thank you very much for your response. Are you saying I just need to
use an "https" connection in python like the following:

>>> import httplib  # Python 2 standard library
>>> conn = httplib.HTTPSConnection('xxxx.appspot.com')
>>> conn.putrequest('POST', '/')  # second argument is the request path of the handler ('/' here), not the hostname
>>> conn.putheader('Content-Length', str(len(packet_send)))
>>> conn.putheader('Content-Type', 'text/plain; charset="utf-8"')
>>> conn.endheaders()
>>> conn.send(packet_send)

How is the authentication on the server side done without giving any
user name and password?

My current situation is I would like to have both python apps, one at
client end one at the server (GAE) end to communicate with each other
by sending data from client to server over https channel, but I am not
sure what is the appropriate way to implement such secure data
transmission. Would you be able to be specific please?

Many thanks,

Best regards,

Ruoshui

Ernesto Oltra

Jul 28, 2011, 4:44:23 PM
to google-a...@googlegroups.com
Stephen said you could use HTTPS no matter what authentication system you have.

He also suggested hard-coding some random string in your client app and in the server; send it with all your requests and check it in the server. As long as you keep that string secure, your system would be secure:

>>> import httplib  # Python 2 standard library
>>> conn = httplib.HTTPSConnection('xxxx.appspot.com')
>>> conn.putrequest('POST', '/')  # second argument is the request path of the handler ('/' here), not the hostname
>>> conn.putheader('Content-Length', str(len(packet_send)))
>>> conn.putheader('Content-Type', 'text/plain; charset="utf-8"')
>>> conn.putheader('Super-Secure-Password', 'qwertyuiopadfghjklñzcvbnm134567890')  # or whatever you want
>>> conn.endheaders()
>>> conn.send(packet_send)


and in the server (as an example if you're using webapp):

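from google.appengine.ext import webapp

class XX(webapp.RequestHandler):
  def post(self):
    # .get() returns None instead of raising KeyError when the header is missing;
    # the string must be identical to the one the client sends
    if self.request.headers.get('Super-Secure-Password') != 'qwertyuiopadfghjklñzcvbnm134567890':
      FireAlerts_UserIsNotAuthenticated()
      return
    OtherWorkHere()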


If you need a stronger system, you may want to use OAuth:

However, hard-coding the password remains the easier way of doing authentication.
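
The two precautions suggested in the replies above (a shared secret sent in a request header, and rejecting anything that did not arrive over https), as an added example that is not code from this thread. It uses Python 3 and plain WSGI rather than the 2011 webapp framework; the names `SENSOR_SHARED_SECRET`, `authorize`, `app` and `demo` are assumptions, and the requests in `demo()` are constructed.

```python
import hmac
import io
import os

# Assumption: the secret is provisioned out of band on both machines.
# "constructed-demo-secret" is a constructed fallback for this demo only.
SHARED_SECRET = os.environ.get("SENSOR_SHARED_SECRET", "constructed-demo-secret")
HEADER_KEY = "HTTP_SUPER_SECURE_PASSWORD"  # WSGI name for Super-Secure-Password


def authorize(environ, secret=SHARED_SECRET):
    """Return (status, reason) for a request described by a WSGI environ."""
    # Stephen's precaution: refuse anything that did not arrive over HTTPS.
    if environ.get("wsgi.url_scheme") != "https":
        return "403 Forbidden", "https required"
    # A missing header becomes "" instead of raising KeyError.
    presented = environ.get(HEADER_KEY, "")
    # compare_digest takes the same time wherever the first mismatch is.
    if not hmac.compare_digest(presented.encode("utf-8"), secret.encode("utf-8")):
        return "401 Unauthorized", "bad or missing shared secret"
    return "200 OK", "accepted"


def app(environ, start_response):
    """WSGI entry point: store the packet only when authorize() accepts it."""
    status, reason = authorize(environ)
    if status == "200 OK":
        length = int(environ.get("CONTENT_LENGTH") or 0)
        packet = environ["wsgi.input"].read(length)  # sensor payload
        reason = "stored %d bytes" % len(packet)  # datastore write goes here
    start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
    return [reason.encode("utf-8")]


def demo():
    """Run constructed requests through app() without any network."""
    results = []
    cases = [
        {"wsgi.url_scheme": "http", HEADER_KEY: SHARED_SECRET},
        {"wsgi.url_scheme": "https"},
        {"wsgi.url_scheme": "https", HEADER_KEY: "wrong"},
        {"wsgi.url_scheme": "https", HEADER_KEY: SHARED_SECRET},
    ]
    for env in cases:
        env.update({"CONTENT_LENGTH": "5", "wsgi.input": io.BytesIO(b"21.5C")})
        seen = []
        body = app(env, lambda status, headers: seen.append(status))
        results.append((seen[0], body[0].decode("utf-8")))
    return results
```

Reading the secret from the environment keeps it out of the source files, so it can be changed on both sides without a code change.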

liu

Jul 28, 2011, 5:03:25 PM
to google-a...@googlegroups.com
Hi Ernesto and Stephen,

Thank you both so much. Your comments clear up my confusion about https and authentication. Initially, I mixed up these two concepts. They are two separate things; I thought that in order to use https you need to implement some kind of authentication like Google account login.

Yes, I agree with your suggestion. This can be done by using Python's HTTPSConnection, and then I can use some kind of authentication mechanism on top of it like you suggested.

Thanks a lot again.

Regards,

Ruoshui

Stephen Johnson

Jul 28, 2011, 6:18:05 PM
to google-a...@googlegroups.com
You're welcome Ruoshui, and thank you for the code sample Ernesto. I use Java on the server side so wouldn't have been much help with the Python.

--
To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/xavEFz8YbUgJ.