I am new to GAE (cloud based development in general actually) and I am looking for some advice.

I am looking to use GAE only as a service (REST + JSON) with my client-side in Sproutcore. I am looking to find a light-weight service-based framework that will provide me with strong security (authentication, protection against XSS etc).

Java or Python is fine, the priority being speed and security.

Does anybody have any ideas on this? Any links to relevant information. I am going through an information overload phase. Any help in this regard would be much appreciated!

Thank you.


How about tipfy, a open source lightweight python-based framework made for GAE?

Its core can be enhanced through usage of extensions.

  • Combining some of those extensions would allow you to perform auth against different systems (Google, Facebook, Twitter...) or against your own baked one. An example of this can be found here, source code is available here.

  • A really simple sample of JSON rendering is available here.

Of course, other python frameworks run on top of AppEngine. You'll find in the AppEngine-Python google group, a thread discussing pros/cons of most of them.

Considering speed, those links may shed some light on the subject

  • @DKG: That's weird. It looks like you've got two different profiles: stackoverflow.com/users/471377/dkg and stackoverflow.com/users/471447/dkg. You used the first one to post your question, and the second one to answer... Beware, your StackOverflow user experience may suffer from this ;-) – nulltoken Oct 12 '10 at 7:18

proceed with caution if you want to use a framework. since GAE is still evolving, frameworks tend to break. i have tried both tipfy and django on large projects.


in many places tipfy tends to just write meaningless (read no value add) python wrappers around what the core gae frameworks provide just causing code bloat.

last i checked, the map reduce package did not work well with tipfy. sorry, i may sound very biased but my experience with tipfy has been average.

  • Any framework that intends to provide native support for SDK handlers will need to wrap them (adding "no value" as you say). This is a duplicated effort that causes maintenance problems. The solution, imo, is to stick to webapp or use a framework that stays close to webapp. I described the whole dilemma here: stackoverflow.com/questions/6774371/… – moraes Jul 24 '11 at 7:47

So looks like I can't comment on your answer but the link was very helpful! Looks very much like something I am looking for:

  1. Server-side sessions
  2. Custom user authentication
  3. JSON based service with no View layer
  4. Fast and secure

Any other python framework that you might possibly know of along the lines of Tipfy? Just so I have something to compare with?

Does anybody know of any Java libraries along the same lines of Tipfy?

Thanks again for the link!

Edit 1:

  1. Hmm...I have no idea how I ended up with 2 accounts. I'll try to iron it out..
  2. Your links were very helpful..Thanks!
  3. I am inching towards Tipfy at this point, but I think I am going to wait a little longer on this thread to see if I get some more opinions..

Thanks again...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Not the answer you're looking for? Browse other questions tagged or ask your own question.