If you use shell on your site, you should always restrict it to admin only. The app has arbitrary access to your application's data. It basically access as a Python command line interface to your app.
-Marzia On Wed, Oct 22, 2008 at 2:21 AM, jeremy <[EMAIL PROTECTED]> wrote: > > the shell app @ http://shell.appspot.com/ - are there any security > implications besides allowing users to use arbitrary quota resources > (the url fetch in particular comes to mind)? > > for example, could someone use the shell to retrieve someone else's > session id? i'm looking at the code and it seems like the > encapsulation of new.module is the extent of the separation between > sessions. but i'm not sure to what extent new.module's encapsulation > is hermetic. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---