I believe the admin shell is still susceptible to cross-site scripting. (If you are logged in as admin, you could stumble across a hacker-placed script that calls the statement handler.) One way to defeat that would be some kind of token transmitted with a statement request, like a hash of the command salted with a unique site key.
On Oct 22, 8:54 am, "Marzia Niccolai" <[EMAIL PROTECTED]> wrote: > If you use shell on your site, you should always restrict it to admin only. > The app has arbitrary access to your application's data. It basically > access as a Python command line interface to your app. > > -Marzia > > On Wed, Oct 22, 2008 at 2:21 AM, jeremy <[EMAIL PROTECTED]> wrote: > > > the shell app @http://shell.appspot.com/ - are there any security > > implications besides allowing users to use arbitrary quota resources > > (the url fetch in particular comes to mind)? > > > for example, could someone use the shell to retrieve someone else's > > session id? i'm looking at the code and it seems like the > > encapsulation of new.module is the extent of the separation between > > sessions. but i'm not sure to what extent new.module's encapsulation > > is hermetic. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
