6đź‘Ť
Google Apps’ Secure Data Connector (SDC) is designed for this kind of tasks — indeed, it even works when the “other database” lives behind a firewall (a common case for enterprise data), and for other Google Apps (Docs, Spreadsheets, …) as well as App Engine.
As the docs summarize things, the flow is:
-
Google Apps forwards authorized data
requests from users who are within
the Google Apps domain to the Google
tunnel protocol servers. -
The tunnel servers validate that a
user is authorized to make the
request to the specified resource.
Google tunnel servers are connected
by an encrypted tunnel to SDC, which
runs within a company’s internal
network. -
The tunnel protocol allows SDC to
connect to a Google tunnel server,
authenticate, and encrypt the data
that flows across the Internet. -
SDC uses resource rules to validate
if a user is authorized to make a
request to a specified resource. -
An optional intranet firewall can be
used to provide extra network
security. -
SDC performs a network request to
the specified resource or services. -
The service validates the signed
request, checks the credentials, and
if the user is authorized, returns
the data.
If you don’t have to worry about firewalls, and have no security worries whatsoever, you can simplify things (as Daniel’s answer suggests) by just using urlfetch
directly (no tunnels, no validation, no encryption, no filtering, …) — but your worry about “the data being shared is sensitive data such as login details” suggests that this is not the case.
It’s not a problem of XML vs other formats — the problem is that sensitive data should not travel “in clear” over unprotected channels, nor be made available to all and sundry, and it’s often nicer to have specialized infrastructure deal with encryption, filtering, and authorization problems, as the SDC does, rather than having to code all of this (and make it totally secure and locked-down) in your own app or specialized infrastructure middleware. For these purposes, the SDC can be very helpful, even if you only need a fraction of its functionality.
3đź‘Ť
You may want to consider exposing a set of web services on the external domain where your database is hosted, and then use the App Engine’s URL Fetch API to communicate with your external domain via HTTPS.
- [Django]-How to change "This field is required" error message for a DjangoRestFramework serializer?
- [Django]-Error running manage.py syncdb for first time on Heroku: "You need to specify NAME in your Django settings file"
- [Django]-SMTPAuthenticationError at /password-reset/