GAE supports both incoming and outgoing emails: http://code.google.com/appengine/docs/python/mail/
Have any open source email clients been written for GAE? Something that handles encoding issues, attachments, grouping by conversations, etc.
The Google App Engine SDK can send and receive email; however, there are certain limitations in place that would prevent an actual email client from being built:
The App Engine receives email at the following address: string#appid.appspotmail.com
http://code.google.com/appengine/docs/python/mail/receivingmail.html
The problem I see with this is that you would need to have your users setup forwarding rules in their Google Accounts so that incoming mail is forwarded to your app using the above format. This means that they would need to rely on another email service, which would beg the question of what value yours would add over top of the existing service.
Sending is not quite so bad. The Google App Engine App can send mail on behalf of users logged in with their Google Account, so one could build an outbound email client using a user's Google Account.
http://code.google.com/appengine/docs/python/mail/sendingmail.html
For receiving mail, there are instructions here on how to do that by forwarding mail from an existing email client. It is currently not possible to use your own domain to receive emails without forwarding:
Custom Incoming Mail Domain With Google App Engine
In summary, to answer your question, if someone has built an email client on App Engine, they have not made it public or done enough marketing to appear in search results. Even so, their implementation would be subject to the limitations described above.
If you are looking for a general purpose Web-based Email client like Horde to run on the App Engine I'd say you are out of luck yet.
GAE blocks all incoming and outgoing RAW Socket traffic; to access the outside cloud you need to use the URLFetch API, and it only allows you to access HTTP websites. So you can't talk POP3 or IMAP from your app, nor you can listen to SMTP traffic.
You'd need some intermediate service that relays POP3 or IMAP through an HTTP web service running on a server outside GAE, like a VPS, EC2, Rackspace, etc.
I ended up writing my own helpdesk style app on GAE, with some basic email functionality. Working well so far.
Related
I am using Django rest Framework to build a REST API for one of my clients. The app provides some sensitive information such as passwords when the client asks for it through an API call.
Now, only authorized clients can access to the app and besides that, only authorized IP can connect.
But what if someone was listening in the middle of that connection ? He would see all the datas in clear.
Is there a way to encrypt those info, maybe with a password, and then decrypt it when it arrives ? (the client would have to update his app, but it's not a problem).
I was thinking maybe to create an "EncryptedResponse" instead of "Response" in my django app.
Thanks
If you don't have one already, purchase an SSL certificate and configure your site to load the API over HTTPS. That way the connection between the authorized client and your application would be encrypted which will prevent a man in the middle attack that you're describing.
If you're not going to load the API over HTTPS, then the authentication token, or API key, or whatever you're using to authenticate the client can also be intercepted.
However, if you're looking to stick to the encrypting the data route, I've found this guide that looks like it should help you be able do what you need to do:
http://gpiot.com/blog/encrypted-fields-pythondjango-keyczar/
I have been reading a lot about this google endpoints and I have trying to something that is not quite easy to guess. After you create a google cloud endpoint server and you deploy it is open to any HTTP request (unauthenticated). In the cloud endpoint documentation (referring to using authentication) you can read about setting OAuth2.0 to authenticate users with google account but there is no documentation about restrict the endpoint service to a specific mobile app (android or ios) and discard all other HTTP requests. So the question is how to authenticate mobile apps (no users) and prevent HTTP request (unauthenticated)? I'am building my server API(enpoints) based on Python.
Thank you.
In order to restrict your Endpoint to a specific application you can use OAuth2. This is because the OAuth2 flow does user authentication and in-turn the OAuth2 flow inherently authenticates the application requesting the OAuth2 access.
These two client samples detail how to enable authenticated calls on the client side. You have to register your apps in the Developer Console at http://cloud.google.com/console/ .
https://github.com/GoogleCloudPlatform/appengine-endpoints-helloendpoints-android (Starting after the Note in the readme)
https://github.com/GoogleCloudPlatform/appengine-endpoints-helloendpoints-ios/ (Step 8 in README)
authedGreeting is the authenticated call and you would check the User object in the method's backend project for null. If empty then you can immediately throw an unauthorized exception.
https://github.com/GoogleCloudPlatform/appengine-endpoints-helloendpoints-java-maven
Specifically, optional Step 2 in the README tells Cloud Endpoints to start looking for OAuth2 tokens in the request. If the Endpoints exposed method has a User parameter. It will populate it with a user instance only if an OAuth2 token was found, was generally valid, and the token was issued to a client ID defined in the API annotation on the service class.
During the setup of your endpoints API, in clientIds list you provide your WEB_CLIENT_ID, ANDROID_CLIENT_ID, and IOS_CLIENT_ID for example. These values tell the Google App Engine that your application will respond to HTTPS requests from web browsers and Android/iOS installed applications.
When your clients first connect your server, they must obtain an OAuth 2.0 token in order to the communication be secure and that is the reason why you use the WEB_CLIENT_ID in your installed client application. This WEB_CLIENT_ID is unique to your Google Cloud app and through it your client becomes capable of obtain an access_token and a renew_token to communicate with your backend server and your server only. This is a cross-client authorization.
So, if you need only the WEB_CLIENT_ID to obtain the access_token and the renew_token, why you need the ANDROID_CLIENT_ID and IOS_CLIENT_ID? For security reasons.
The ANDROID_CLIENT_ID is linked to a RSA signature key through the SHA1 informed at backend setup. Thus your GAE app will grant (access_token, renew_token) only installed apps signed with the same key listed at your application console (and of course in your clientIds list)
Finally Android apps signed with different or not signed will not receive any access_token, being unable to establish the secure communication channel or even communicate with your server.
I have a website which uses Amazon EC2 with Django and Google App Engine for its powerful Image API and image serving infrastructure. When a user uploads an image the browser makes an AJAX request to my EC2 server for the Blobstore upload url. I'm fetching this through my Django server so I can check whether the user is authenticated or not and then the server needs to get the url from the App Engine server. After the upload is complete and processed in App Engine I need to send the upload info back to the django server so I can build the required model instances. How can I accomplish this? I was thinking to use urllib but how can I secure this to make sure the urls will only get accessed by my servers only and not by a web user? Maybe some sort of secret key?
apart from the Https call ( which you should be making to transfer info to django ), you can go with AES encryption ( use Pycrypto/ any other lib). It takes a secret key to encrypt your message.
For server to server communication, traditional security advice would recommend some sort of IP range restriction at the web server level for the URLs in addition to whatever default security is in place. However, since you are making the call from a cloud provider to another cloud provider, your ability to permanently control the IP address of either the client and the server may diminished.
That said, I would recommend using a standard username/password authentication mechanism and HTTPS for transport security. A basic auth username/password would be my recommendation(https:\\username:password#appengine.com\). In addition, I would make sure to enforce a lockout based on a certain number of failed attempts in a specific time window. This would discourage attempts to brute force the password.
Depending on what web framework you are using on the App Engine, there is probably already support for some or all of what I just mentioned. If you update this question with more specifics on your architecture or open a new question with more information, we could give you a more accurate recommendation.
SDC provides a secure tunnel from AppEngine to a private network elsewhere -- which could be your EC2 instance, if you run it there.
I've built a Python app on Google App Engine which primarily handles incoming mail and does interesting based upon the email address at which the email is received.
I would like to use a custom domain for receiving emails as <some text>#<my app name>.appspotmail.com is rather cumbersome.
Unfortunately I've been unable to figure out how to get this setup. I've gleaned from questions like this one: Custom Incoming Mail Domain With Google App Engine that there is no way to enable this directly in Google App Engine but that using some sort of DNS trickery--probably related to MX records--that I'll be able to forward the emails sent to <arbitrary string>#<custom domain> to the real address at <arbitrary string>#<my app name>.appspotmail.com.
Can someone explain how to do this? I think the basic problem would be my lack of knowledge with regards to DNS, but may also be associated with the particular restrictions associated with DNS and GAE apps.
The solution presented in this question: Directing email for a domain to AppEngine email receiving service? works explicitly for domains hosted by providers with the cPanel control panel, is there a more generic solution?
It's nothing to do with "DNS trickery". You simply have to use a regular mail service - Google Apps will do - that can be configured to forward all incoming mail to a specific address, namely any address your app can receive email on. Your app can determine the original 'To' address by examining the headers.
I'm looking to send many emails via Python and would like to connect to Google's email servers to send it from my company email address (it's for work). I've got working code for sending the email through the old company email (user#work.com) which is our login, but can't figure out how to send it through the alias (user#betterdomain.com) we use frequently.
Long story short, logging in with my regular Google Apps account won't do and I need to sign in with an alias (nickname) instead. Alternatively, I can sign with the regular account (user#work.com) but send via a different email (user#betterdomain.com).
Working in python and pretty new to programming, but am a good listener! (It's like this question: Google Apps - Send email from a nickname but in Python).
If I understand properly, what you are trying to do is get the Google App Engine send an email on behalf of logged in user, who is using his Google Apps Account name to login. Is it right?
In that case, the mail API for App Engine informs about the mail.send_mail() wherein From: address can be the current user if signed in with Google Accounts. If this is not what you are looking for, some clarification might be required.