I used the googledocviewer to view some word an excel sheets on my site:
<iframe src="https://docs.google.com/viewer?url=http://domain.de/media/dokumente/worddocument.doc&embedded=true" style="width:600px; height:500px;" frameborder="0"></iframe>
The documents are on MY server.
It works fine, but now my question:
Generally, on the live site, all IP´s are on my server blacklisted, because only 5 specially IP´s have access to the site.
So, the iframe try to load the googledocviewer, but google is blacklistet (on my server, because it´s not an ip from the 5)
So, the screen shows:
no document available.
If I set the googledocviewer IP to my whitelist - indexing Google all my documents and save they at any google-server?
The documents are private !!! No other IP´s and users is allowed, to see this docs.
My suspicion:
Because I use the googledocs viewer and set the googledocsviewer IP to a whitelist, other users can now access to these private documents....
Sorry for my bad english...I'll work on it.
Best regards,
Thorsten
As mentioned in Whitelist domains for Google Apps, you can still set which files can be shared and you also can choose more permissive settings to be sure that you don't share confidential files.
You can allow file sharing in Google Drive for organizations that you trust by whitelisting their domain. After you whitelist a domain, you then grant Drive access so that users in your organization can share files and folders with users in the trusted domain.
Furthermore, it was also mentioned in grant sharing access for whitelisted domains
For Google Apps Unlimited, Google Apps for Education, and Google Apps for Nonprofits, you grant file sharing access by changing Drive sharing settings. For details, see Set file sharing permissions.
For Google Apps for Education, you grant access to classes by changing Classroom settings. For details, see Whitelist domains for Classroom.
Related
Is it easy for people to find "public" google sheets/docs?
Context: Storing some semi-sensitive data (individual user info, of non-sensitive nature) for an app beta-test in google sheets. Planning to migrate to some DB in the future, but for now, just using JavaScript to pull the data directly from the google sheets (since there are visualizations being dynamically updated by the sheets).
Yes, it's easy to get information. Search engines may index and cache the information. Then, there are bots, crawlers and scrapers. Do NOT put (semi)sensitive information in public. Implement google-oauth properly with google-sheets-api to get information. You can also use service-accounts
Yes, it can be easily accessed.
According to the official Google article Share files from Google Drive: when you set your file's General Access setting to public:
Anyone can search on Google and get access to your file, without signing in to their Google account.
What you can do:
In the case of your app beta-test in google sheets data, you may want to reconsider to change your file's General Access setting to one of the following (in descending order of security):
Restricted - Only people that you manually give access to can view or edit your files. When you click the share button, a prompt will show and you may manually add the users who can view or edit your files:
Afterwards, you may select a role for those users and then they can be notified afterwards through email.
On the other hand, you can share the link to others. A prompt will show like the one below if you send the url through Google Chat:
You may opt to select Don't give access which will result in the following view on the other user's end:
This would mean that if unauthorized users get hold of the file URL, they will still need to send an access request. If other users submit the request, an email notification will be sent to your mail inbox. Other users who also own the file will also be notified by mail.
Your Organization - If you use a Google Account through work or school, anyone signed in to an account in your organization can open the file. If you are an administrator in a work or school workspace, you may set how members can share content within the organization. The administrator can prevent the sharing of content with group members outside your organization. If external sharing is prohibited, only group members who are in your organization can access the group's shared content.
Anyone with the link - Anyone who has the link can use your file, without signing in to their Google Account. This option is least recommended because if the URL is leaked to unauthorized users, they can easily access the file.
References:
Share files from Google Drive
Share content with a group
Don’t make it public unless you want the public to see it. Use oauth to access.
I would like to enable viewing a website that I created to one person, whose IP I do not know. Is there a way to hide the website under a simple password (without publishing the page and logging by Facebook etc.)?
Thank you!
If the person can have an account in an active directory you trust, you can add them pretty easily.
https://learn.microsoft.com/en-us/azure/app-service/app-service-mobile-how-to-configure-active-directory-authentication
Only users that have access to the AAD (including guests) can see the site afterwards.
I'm trying to access the google sheets api with python within corporate network, that uses firewall. Then, I need to discover all the url/domains google sheets api requests to send IT team unlock the access for theses url's.
I am using the pygsheets library for connect with google api.
In order for users on your network to access Google Drive and Google Docs editors, your firewall rules should connect to the following hosts and ports. Otherwise, users may be blocked or denied access from these services.
For the following hosts, [N] means any single decimal digit and * means any string not containing a period.
Oauth server
accounts.google.com:443/HTTPS
API stuff
apis.google.com:443/HTTPS
*.clients[N].google.com:443/HTTPS
*.googleapis.com:443/HTTPS
script.google.com:443/HTTPS
Other
www.google.com:443/HTTPS
googledrive.com:443/HTTPS
drive.google.com:443/HTTPS
*.drive.google.com:443/HTTPS
docs.google.com:443/HTTPS
*.docs.google.com:443/HTTPS
*.c.docs.google.com:443/HTTPS
sheets.google.com:443/HTTPS
slides.google.com:443/HTTPS
talk.google.com:5222/XMPP (needed only for Backup and Sync or the legacy - version, Drive for Mac/PC)
takeout.google.com:443/HTTPS
gg.google.com:443/HTTPS
ssl.google-analytics.com:443/HTTPS
video.google.com:443/HTTPS
s.ytimg.com:443/HTTPS
*.googleusercontent.com:443/HTTPS
*.gstatic.com:443/HTTPS
lh[N].google.com:443/HTTPS
[N].client-channel.google.com:443/HTTPS
clients[N].google.com:443/HTTPS
Ripped from Google Drive firewall and proxy settings
Some of theses are for google drive the web application and others are for google drive api, sheets api and the oauth servers. I could probably wittle it down a little but wasnt sure if you wanted that. It may be best that they just open most of them and go from there.
Does anyone know if I can have a single one drive folder and then assign via the API different people, and then they would see only the folders that they are allowed to see.
I am trying to re-create the "views" functionality of dropbox enterprise
Yes, the simplest way to do so is to use the Microsoft Graph API which has an entire set of endpoints that work with a OneDrive account.
The endpoints that will best serve you are the Create Sharing Link and the Add Permission.
Note: Using the sharing link that doesn't require account authentication means anyone with that link can access the OneDrive folder/file that it is assigned to. If the user(s) have Microsoft Accounts or Microsoft Organizational Accounts (also known as work/school account) then the Add Permission endpoint is likely your best bet.
I am not an admin, I'm a developer so admin is kind of foreign to me. I am developing an intranet for a company in xpages and client. There are a handful of people who are not in the company who need to get through the firewall via VPN. The admin guys at the company are not Notes admins. Some "company" users will use the apps locally at times and through the internet at times because there may not be internet access at trade shows where they are using the system. I need all the steps to perform that sets up the access in Notes and a guide to give the admins to allow VPN to allow these users access to Notes. Like I said, I'm not an admin so I need explicit explanations or someone who may be able to contact an admin at the company. Please help. This includes authentication help as I have not done that yet either.