I also think they are exagerated. But what I'm thinking is not important lol :D
Christian On Thu, Jun 3, 2010 at 4:27 PM, Bill Milligan <[email protected]>wrote: > > Hi Christian, > > For that kind of control on physical security, you really need dedicated > servers that you can physically touch in a data center. This is really very > not cheap. Some kinds of applications require this security, such as > banking, investment, or credit tracking software, where you are dealing with > customers with a great deal to lose, and I'm talking on the order of > millions. > > Suppose someone broke into google's servers and hacked the database. This > is quite unlikely, and even if someone *did* break in, I think your small > business application is going to be the least of their interests. But > suppose they did break in -- they would still be unable to access your data > unless they also had the schema definitions. What are you doing to > safeguard your source control and configuration management systems? If > someone has those, then the possibility of stealing data becomes much more > likely. > > There's no way to say *where* data is hosted in this kind of database. > Even Google would probably be hard pressed to figure out exactly what > location a particular piece of data is at any given moment. If you really > need high end security, then you'd indubitably need that kind of failover as > well. For instance, I once worked for a high-end consumer credit agency. > In the event that their primary data center failed, in their > missle-hardened unmarked location in the US, then we had a disaster recovery > system ready to go in Canada. The end consumer would have noticed little to > no change in the behavior of the system. Google's failover and backup > system probably makes this look like child's play. > > I'm not going to say these kinds of concerns of yours are groundless, but I > will suggest to you that they're probably exaggerated for the application > you have in mind. If they're not exaggerated, then probably Google App > Engine is not the solution you need. > > On Thu, Jun 3, 2010 at 1:17 PM, Christian Goudreau < > [email protected]> wrote: > >> I need some answers, it's really important for my business. >> >> Regards, >> >> Christian >> >> On Tue, Jun 1, 2010 at 10:20 PM, Christian Goudreau < >> [email protected]> wrote: >> >>> Oh I forgot one question that my administrators asked me. >>> >>> If I delete an objet from my datastore, how long this data is kept in >>> Google's backup ? >>> >>> Christian >>> >>> >>> On Tue, Jun 1, 2010 at 6:15 PM, Christian Goudreau < >>> [email protected]> wrote: >>> >>>> Thanks a lot, >>>> >>>> My last concern was about laws an countries. I'm from canada and >>>> personnal informations is a big concern over here. >>>> >>>> I read somewhere that it's planned to have the possibilities to choose >>>> in which countrie my data are stored, but not in a short/mid term delay. Is >>>> that right ? >>>> >>>> I also read that it was stored in california, is that righ too ? >>>> >>>> Regards, >>>> >>>> Christian >>>> >>>> >>>> On Tue, Jun 1, 2010 at 6:08 PM, Ronmell (VDKiT) <[email protected]>wrote: >>>> >>>>> Hi Christian. >>>>> >>>>> Remember the data in datastore is schemaless which means there's no >>>>> clue of how data is stored. so, if someone gets inside your >>>>> application he needs to know the declaration of the entity or at least >>>>> how the POJO is structured in order to know how to get the data. >>>>> >>>>> In python, for example, when you use the tools for manipulating/ >>>>> connecting to the data in your app, you need to have a exporter/loader >>>>> class thus if you don't know how entities are structured the tool will >>>>> retrieve errors instead of data and even the tool is not going to >>>>> allow you to connect. >>>>> >>>>> unless you give the intruder the declaration of the POJOs or entities >>>>> in your data store. >>>>> >>>>> Besides, you can control, the flow of data, by implementing a module >>>>> which resolve and process all the request to the datastore and you can >>>>> use authentication and that's all, simple and effective. >>>>> >>>>> Rgds. >>>>> >>>>> R >>>>> >>>>> On Jun 1, 3:43 pm, "Ikai L (Google)" <[email protected]> wrote: >>>>> > Here's a white paper about Google Apps security: >>>>> > >>>>> > >>>>> http://static.googleusercontent.com/external_content/untrusted_dlcp/w. >>>>> .. >>>>> > >>>>> > < >>>>> http://static.googleusercontent.com/external_content/untrusted_dlcp/w.. >>>>> .>You'll >>>>> > find many of the same topics apply with regards to App Engine, though >>>>> we >>>>> > have not yet published an App Engine specific security whitepaper. >>>>> We'll >>>>> > maintain the same physical and electronic security guarantees of >>>>> security >>>>> > for your data, however, ultimately it'll be up to you to write your >>>>> > application in a secure fashion (prevent XSS attacks, educate users >>>>> about >>>>> > phishing, logically segment data, etc). >>>>> > >>>>> > On Mon, May 31, 2010 at 9:38 AM, Christian Goudreau < >>>>> > >>>>> > >>>>> > >>>>> > [email protected]> wrote: >>>>> > > I want to understand exactly how data that I send into data store >>>>> are >>>>> > > secured, the limitation and what is the guarantee if someone brakes >>>>> in and >>>>> > > steel some personnal informations about a member ? >>>>> > >>>>> > > I want to build a small a application for a small business that >>>>> store a lot >>>>> > > of informations about their members. Those informations are >>>>> sensitive and I >>>>> > > was wondering how am I protected. >>>>> > >>>>> > > Thanks >>>>> > >>>>> > > -- >>>>> >>>>> > > You received this message because you are subscribed to the Google >>>>> Groups >>>>> > > "Google App Engine for Java" group. >>>>> > > To post to this group, send email to >>>>> > > [email protected]. >>>>> > > To unsubscribe from this group, send email to >>>>> > > [email protected]<google-appengine-java%[email protected]> >>>>> <google-appengine-java%[email protected]<google-appengine-java%[email protected]> >>>>> > >>>>> > > . >>>>> > > For more options, visit this group at >>>>> > >http://groups.google.com/group/google-appengine-java?hl=en. >>>>> > >>>>> > -- >>>>> > Ikai Lan >>>>> > Developer Programs Engineer, Google App Engine >>>>> > Blog:http://googleappengine.blogspot.com >>>>> > Twitter:http://twitter.com/app_engine >>>>> > Reddit:http://www.reddit.com/r/appengine >>>>> >>>>> -- >>>>> >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Google App Engine for Java" group. >>>>> To post to this group, send email to >>>>> [email protected]. >>>>> To unsubscribe from this group, send email to >>>>> [email protected]<google-appengine-java%[email protected]> >>>>> . >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/google-appengine-java?hl=en. >>>>> >>>>> >>>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine for Java" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<google-appengine-java%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/google-appengine-java?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine-java%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
