Since App Engine is so locked down I assume there is no way to setup an SSL certificate to allow credit card payments. In the absence of this, how is it possible to secure handle payments in an App Engine app?
由于App Engine被锁定,我认为无法设置SSL证书以允许信用卡付款。如果没有这个,如何在App Engine应用程序中保证处理付款?
2 个解决方案
#1
http://code.google.com/appengine/docs/java/config/webxml.html#Secure_URLs says that
http://code.google.com/appengine/docs/java/config/webxml.html#Secure_URLs说
<ssl-enabled>true</ssl-enabled>
can be set in your appengine-web.xml file with *.appspot.com subdommains. Google had a typo in their opening tag on that page, just FYI. For Google Apps you can't use HTTPS at all, but for appspot you can.
可以使用* .appspot.com子域名在appengine-web.xml文件中设置。谷歌在该页面上的开头标签上有一个拼写错误,仅供参考。对于Google Apps,您根本无法使用HTTPS,但对于appspot,您可以使用HTTPS。
As far as using your own cert, you can't! For appspot, Google's cert is not signed for your web-app's specific domain so it will cause a browser pop-up, but if accepted the page will load.
至于使用自己的证书,你不能!对于appspot,Google的证书未针对您的网络应用的特定域进行签名,因此会导致浏览器弹出,但如果接受,则会加载该页面。
#2
As of today, App Engine supports SSL on your own domain. See: https://developers.google.com/appengine/docs/ssl
截至今天,App Engine在您自己的域上支持SSL。请参阅:https://developers.google.com/appengine/docs/ssl
Note that there are two options. The more expensive (VIP - $99 per month) will work with all browsers, whereas the cheaper (SNI - $9 per month) doesn't work on some variations. See here: http://en.wikipedia.org/wiki/Server_Name_Indication#Support
请注意,有两个选项。更贵(VIP - 每月99美元)适用于所有浏览器,而更便宜(SNI - 每月9美元)不适用于某些变化。请参见:http://en.wikipedia.org/wiki/Server_Name_Indication#Support
You can also use e.g. Cloudflare.com to front your app and provide SSL. Currently this is HTTPS to Cloudflare and then normal HTTP to App Engine. This will protect from any drive-by hacks but would be possible to intercept should an attacker somehow get between CF and GAE. This technique is described here: http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine
您也可以使用例如Cloudflare.com为您的应用提供支持并提供SSL。目前,这是HTTPS到Cloudflare,然后是普通的HTTP到App Engine。这将防止任何偷渡式黑客攻击,但如果攻击者以某种方式介入CF和GAE之间,则可以拦截。此处描述了此技术:http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine
#1
http://code.google.com/appengine/docs/java/config/webxml.html#Secure_URLs says that
http://code.google.com/appengine/docs/java/config/webxml.html#Secure_URLs说
<ssl-enabled>true</ssl-enabled>
can be set in your appengine-web.xml file with *.appspot.com subdommains. Google had a typo in their opening tag on that page, just FYI. For Google Apps you can't use HTTPS at all, but for appspot you can.
可以使用* .appspot.com子域名在appengine-web.xml文件中设置。谷歌在该页面上的开头标签上有一个拼写错误,仅供参考。对于Google Apps,您根本无法使用HTTPS,但对于appspot,您可以使用HTTPS。
As far as using your own cert, you can't! For appspot, Google's cert is not signed for your web-app's specific domain so it will cause a browser pop-up, but if accepted the page will load.
至于使用自己的证书,你不能!对于appspot,Google的证书未针对您的网络应用的特定域进行签名,因此会导致浏览器弹出,但如果接受,则会加载该页面。
#2
As of today, App Engine supports SSL on your own domain. See: https://developers.google.com/appengine/docs/ssl
截至今天,App Engine在您自己的域上支持SSL。请参阅:https://developers.google.com/appengine/docs/ssl
Note that there are two options. The more expensive (VIP - $99 per month) will work with all browsers, whereas the cheaper (SNI - $9 per month) doesn't work on some variations. See here: http://en.wikipedia.org/wiki/Server_Name_Indication#Support
请注意,有两个选项。更贵(VIP - 每月99美元)适用于所有浏览器,而更便宜(SNI - 每月9美元)不适用于某些变化。请参见:http://en.wikipedia.org/wiki/Server_Name_Indication#Support
You can also use e.g. Cloudflare.com to front your app and provide SSL. Currently this is HTTPS to Cloudflare and then normal HTTP to App Engine. This will protect from any drive-by hacks but would be possible to intercept should an attacker somehow get between CF and GAE. This technique is described here: http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine
您也可以使用例如Cloudflare.com为您的应用提供支持并提供SSL。目前,这是HTTPS到Cloudflare,然后是普通的HTTP到App Engine。这将防止任何偷渡式黑客攻击,但如果攻击者以某种方式介入CF和GAE之间,则可以拦截。此处描述了此技术:http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine