I'd like to draw more attention to a security issue with the App Engine quota system which makes it particularly easy for an attacker to use up an app's bandwidth quota.
User syntax writes that when a client requests a large (10 MB) static file but cancels the download immediately, the whole file size is nevertheless counted against the outgoing bandwidth quota. By repeating such requests without completing them, an attacker can exhaust an app's quota while using little bandwidth on their side. Originally reported in the issue tracker: http://code.google.com/p/googleappengine/issues/detail?id=1178 P. S. Please cc me because I'm not subscribed to the group. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
