Google Appengine and my slacking attitude ^_^

When we went to the Google Dev conference, appengine and KML were
the things that really interested me, so when I got home it was my
singular honor to crawl the whole project for bugs and ways to
*hack* up the Google appengine.

To my disappointment, the appengine didn't allow custom 404 handlers,
so I had to mess with the regex for page request handling and got this:

('/.*', hnd404) 

Now that looks like an awesome hack, doesn't it? NO, and yes, you know why:
because it happens that this means I have to handle everything, and I mean
everything, including requests like http://www.foo.com/images/bar.png

This means I have to either hardcode or automate file search and display,
and also custom handlers like Facebook's http://www.foo.com/user to show
a user's profile or something of that sort.

Hard coding means something like this


import os
from google.appengine.ext import webapp

class hnd404(webapp.RequestHandler):
    def get(self):
        request = self.request.uri
        split_request = request.split("/")
        # split_request[3] is the first path segment after the scheme and host
        if split_request[3] == 'images':
            # load the file named by the last path segment from ./images
            file = request.split("/")
            path = os.path.join(os.path.dirname(__file__), 'images', file[len(file)-1])
            self.response.out.write(open(path, 'rb').read())
        else:
            self.response.out.write("404 Error by laudarch for " + "'" + split_request[3] + "' Not Found ;p")

Looks extremely cool, doesn't it ^^ But then won't you have security
problems with this? What if someone requests ../../../../../../etc/passwd O_O
What are you going to do then? Beg Google for mercy and help?
Yep, I know it can't be possible if we are doing
path = os.path.join(os.path.dirname(__file__),...
because this tells appengine to work from my current directory etc., but let's
skip that argument; it would take pages to explain the *potential* issues
with that technique and the fact that it sucks.
It sucks!! Yep, it does, because you will have to handle all that
BS. I'm still working on a better format and have seen some cool ideas,
but then that brings us to my slacking :(
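
An added example, not code from the original post: one way to map a request under /images/ to a file while refusing the ../ request discussed above, by decoding the path first and then checking that the resolved file stays inside the images directory. It uses Python 3's standard library rather than the App Engine SDK; `resolve_image`, `SAMPLE_URIS` and the sample URIs are assumed names and constructed inputs.

```python
import os
from urllib.parse import urlsplit, unquote

def resolve_image(request_uri, images_dir):
    """Return the absolute path of the requested image, or None if refused."""
    # Use only the path component: the raw URI also carries scheme, host
    # and query string, none of which belong in a file name.
    path = unquote(urlsplit(request_uri).path)  # decode %2f, %2e, ... first
    prefix = "/images/"
    if not path.startswith(prefix):
        return None
    name = path[len(prefix):]
    # Refuse empty names, NUL bytes and backslash separators outright.
    if not name or "\x00" in name or "\\" in name:
        return None
    base = os.path.realpath(images_dir)
    # realpath collapses "..", duplicate slashes and symlinks, so the
    # containment check below sees where open() would really end up.
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

# Constructed sample requests (not from the original post).
SAMPLE_URIS = [
    "http://www.foo.com/images/bar.png",
    "http://www.foo.com/images/bar.png?size=big",
    "http://www.foo.com/images/../../../../../../etc/passwd",
    "http://www.foo.com/images/..%2f..%2f..%2fetc%2fpasswd",
    "http://www.foo.com/images//etc/passwd",
    "http://www.foo.com/user",
]

if __name__ == "__main__":
    images = os.path.join(os.path.dirname(os.path.abspath(__file__)), "images")
    for uri in SAMPLE_URIS:
        print(uri, "->", resolve_image(uri, images))
```

A handler would call `resolve_image` before `open()` and answer with a 404 whenever it returns None.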

I don't have enough *time*. I'm a beginner diff boy for OpenBSD and
have *yet* to send a diff; I'm working on a payment system, a wifi system,
an SHS Graduate government project, etc., so
I'm in need of more time, not to talk of hardware and phreaking hehe
and security scans which I should be blogging about;
University of Ghana comes to mind after their funny sweep of the
viagra ads and not blocking the sec hole in their site. Suckers, just
ask for help hehe.

I have like five appengine projects on my laptop that are waiting to
be completed, and I'm here calling GTUG Ghana developers slackers, which
got me into a lamer argument with a retard ^^

So I'll do my best to complete them because they are great and cool, and
I'll try to share more appengine tricks. These are not the only ones I
have found or done, but then again I have to complete a project by Friday
and I have barely started.

ok Bye :)

