Why? Because sometimes you have to work with external systems and they have to work with you, even on the development level.

On Wednesday, March 14, 2012 10:42:59 AM UTC+2, Simon Knott wrote:
> Why would your SDK be available to the outside world? It's a development tool, no different to any development environments - lock it down via the network infrastructure, as you would any other development environment. If you have production data in your dev environment and it contains sensitive data, then take the normal steps to sanitise it.
>
> On Tuesday, 13 March 2012 20:50:01 UTC, Kaan Soral wrote:
>> If the SDK is accessible to the outer world, it poses a HUGE security risk
>>
>> One can simply write a script for "Interactive Console<http://localhost/_ah/admin/interactive>" and steal all your code/data
>>
>> To prevent this - one may restrict access to Development Console and permit only 127.0.0.1, this can be easily done by modifying the Handlers of the Development Console
>>
>> Can you guys think of any other security holes?
>>
>> I've been meaning to ask this for a long time, but at the same time I didn't want to attract anyone to exploit these risks - but here it is anyway
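
The loopback-only restriction on the development console suggested in the thread, sketched as generic WSGI middleware. This is an added example, not code from the thread or from the App Engine SDK; the class and helper names are hypothetical and `demo_app` is a constructed stand-in for the dev server application.

```python
import ipaddress
from posixpath import normpath

ADMIN_PREFIX = "/_ah/admin"  # prefix taken from the console URL quoted in the thread


def is_loopback(remote_addr):
    """True only for 127.0.0.0/8, ::1, or an IPv4-mapped loopback address."""
    try:
        ip = ipaddress.ip_address(remote_addr.split("%", 1)[0])
    except ValueError:
        return False  # missing or malformed peer address: fail closed
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6 addresses have this
    return (mapped or ip).is_loopback


def is_admin_path(path):
    """Normalise first so //_ah/admin and /_ah/x/../admin still match."""
    clean = normpath("/" + path.lstrip("/"))
    return clean == ADMIN_PREFIX or clean.startswith(ADMIN_PREFIX + "/")


class LoopbackOnlyAdmin:
    """Hypothetical WSGI wrapper: 403 for console paths from non-loopback peers."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Trust only the socket peer; X-Forwarded-For is set by the client.
        if is_admin_path(environ.get("PATH_INFO", "")) and not is_loopback(
            environ.get("REMOTE_ADDR", "")
        ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"admin console is restricted to loopback\n"]
        return self.app(environ, start_response)


def demo_app(environ, start_response):  # constructed stand-in application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(path, remote_addr, extra=None):
    """Send one constructed request through the wrapper; return its status line."""
    seen = []
    environ = {"PATH_INFO": path, "REMOTE_ADDR": remote_addr, **(extra or {})}
    LoopbackOnlyAdmin(demo_app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

If a reverse proxy or tunnel on the same host forwards traffic to the dev server, every request arrives with a loopback peer address and passes this check, so the listener still has to be bound to loopback or firewalled as Simon describes.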
