Hi, I'm making a survey about security in PaaS platforms, and I have a question about GAE that maybe you can help me with. It is well known that GAE uses Jetty as the servlet container. However, I have not been able to find any information about whether each Jetty instance hosts servlets of one single user or the same Jetty instance can host servlets of different users at the same time.
I wonder about that because I think it is an important question in these environments: Java has certain limitations regarding isolation (possible reference leaks). If the same Jetty instance runs servlets of different users, then a malicious tenant could try to exploit those limitations to access to servlets from other users. If, on the other hand, each Jetty instance runs servlets only from an unique user, then that problem cannot affect GAE. Thank you very much for help!, regards, Luis -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
