I think Philip is most concerned with this statement from the get_serving_url doc:
"The URL returned by this method is always public, but not guessable; private URLs are not currently supported. If you wish to stop serving the URL, delete the underlying blob key. This takes up to 24 hours to take effect." Makes me go "hmmm" as well. I'm not so worried about the server load on Google, but rather paying for a malicious attack. My reading of the docs didn't reveal any opportunities for defensive programming. For example is there a way to dynamically blacklist addresses that are hammering a "get_serving_url" URL? Another concern is being able to take immediate action to take down offensive or illegal material. John On Sep 6, 6:38 am, Niklasro <[email protected]> wrote: > On Sep 5, 8:47 am, Flips <[email protected]> wrote:> Hi, > > > I am actually planning a new project that will heavily use the high- > > performance image serving. I actually have doubts that it is ready for > > productive usage, because we don't have any logs about it and its > > requests probably won't be reflected on the app engine dashboard. How > > are we supposed to detect DDOS attacks on image urls? Or what could we > > do if a top 500 website displays our image by using the image url on > > its site and consumes our traffic budget within minutes? > > > Best Regards > > Philip > > You can simulate an attack to see whether get_serving_url handles and > balances it. > Cheers > Niklas -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
