Google Appengine and my slacking attitude ^_^

When we went to the Google Dev conference it seemed like appengine
and KML were the things that really interested me, so when I got
home it was my singular honor to crawl the whole project for bugs
and ways to *hack* up the google appengine to my disappointment

the appengine didn't allow custom 404 handlers so I had to mess
with the regex for page request handling and got this:

('/.*', hnd404) 

now that looks like an awesome hack doesn't it NO and yes you know why
because it happens that this means I have to handle everything and I mean
everything from requests like

this means I have to either hardcode or automated file search and display
and also custom handlers like facebook's to show
user's profile or something of that sort.

Hard coding means something like this

class hnd404(webapp.RequestHandler):
     def get(self):
        request = self.request.uri split_request = request.split("/")
        # now I can do 
        if split_request[3] == 'images':
               #load file which is 
               file = request.split("/")
               path = os.path.join(os.path.dirname(__file__), 'images', file[len(file)-1])
               self.response.out.write(open(path, 'rb').read())
             self.response.out.write("404 Error by laudarch for " + "'" + split_request[3] + "' Not Found ;p"

Looks extremely cool doesn't it ^^ but then won't you have security
problems with this? what if someone requests for ../../../../../../etc/passwd O_O
what are you going to do then? beg google for mercy and help?
yep I know it can't be possible if we are doing
path = os.path.join(os.path.dirname(__file__),...
Because this tells appengine from my current directory etc but lets
skip that argument it will take pages to explain *potential* issues
with that technique and the fact that it sucks.
It sucks!! yep it does because you will have to handle all that
BS am still working on a better format and have seen some cool ideas
but then that brings us to my slacking :(

I don't have enough *time*, am a beginner diff boy for OpenBSD and
am *yet* to send a diff am working on a payment system, a wifi system,
an SHS Graduate government project, etc so
am in nedd of more time and not to talk of hardware and phreaking hehe
and security scans which I should be blogging about;
University of Ghana comes to mind after their funny sweep of the
viagra ads and not blocking the sec hole in their site suckers just
ask for help hehe.

I have like five appengine projects on my laptop that is waiting to
be completed and am here calling GTUG Ghana developers slackers which
got me into a lamer argument with a retard ^^

So I'll do my best to complete them because they are great and cool and
I'll try to share more appengine tricks these are not the only ones I
have found or done but then again I have to complete a project by Friday
and I have barely started.

ok Bye :)


Popular Posts