I don't think this is related to my question, but thanks anyway

On Tuesday, March 13, 2012 11:25:15 PM UTC+2, Ronoaldo José de Lana Pereira wrote:
>
> By your assumption that arbitrary code execution will affect your SDK
> binaries (either java or python), I'm assuming that you are using Windows,
> downloading the SDK binaries from untrusted websites or not running the MD5
> checksums. I suggest you do all these: use Linux, download only the
> code from Google and never deploy untrusted jars / python code with your
> application.
>
> Hope this helps,
>
> -Ronoaldo
>
> On Tuesday, March 13, 2012 17:50:01 UTC-3, Kaan Soral wrote:
>>
>> If the SDK is accessible to the outer world, it poses a HUGE security risk
>>
>> One can simply write a script for "Interactive
>> Console<http://localhost/_ah/admin/interactive>"
>> and steal all your code/data
>>
>> To prevent this - one may restrict access to Development Console and
>> permit only 127.0.0.1, this can be easily done by modifying the Handlers of
>> the Development Console
>>
>> Can you guys think of any other security holes?
>>
>> I've been meaning to ask this for a long time, but at the same time I
>> didn't want to attract anyone to exploit these risks - but here it is anyway
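The restriction proposed in the original post (let the Development Console answer only to 127.0.0.1), sketched as an added example that is not part of the thread and not the SDK's own handler code. It assumes the development server can be wrapped as a WSGI application; `LoopbackOnlyAdmin`, `is_loopback`, `probe`, `demo_app` and `guarded_app` are hypothetical names, and the `/_ah/admin` prefix is taken from the console URL quoted in the thread.

```python
import ipaddress

ADMIN_PREFIX = "/_ah/admin"  # console path prefix, from the URL in the thread


def is_loopback(remote_addr):
    """True only for a parseable loopback address (127.0.0.0/8 or ::1)."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # missing or malformed peer address: fail closed
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:  # ::ffff:127.0.0.1 as seen on dual-stack sockets
        ip = mapped
    return ip.is_loopback


class LoopbackOnlyAdmin:
    """WSGI middleware: admin console paths answer only to loopback peers."""

    def __init__(self, app, prefix=ADMIN_PREFIX):
        self.app = app
        self.prefix = prefix.rstrip("/")

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        guarded = path == self.prefix or path.startswith(self.prefix + "/")
        # Decide on the socket peer only; X-Forwarded-For is client-controlled.
        if guarded and not is_loopback(environ.get("REMOTE_ADDR", "")):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"admin console is restricted to localhost\n"]
        return self.app(environ, start_response)


def probe(app, path, remote_addr, headers=None):
    """Call the app with a constructed WSGI environ; return the status line."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "REMOTE_ADDR": remote_addr}
    environ.update(headers or {})
    list(app(environ, lambda status, response_headers: seen.append(status)))
    return seen[0]


def demo_app(environ, start_response):
    # Stand-in for the dev server's handlers (constructed for this example).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


guarded_app = LoopbackOnlyAdmin(demo_app)
```

The check is a prefix match on `PATH_INFO`, so it is only as strict as the server's own path routing; binding the development server to the loopback interface keeps the console off the network regardless of handler logic.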
