Hi Alexander, Thanks for your report. I've forwarded it to the appropriate people.
-Nick Johnson On Sat, Aug 1, 2009 at 3:14 PM, Alexander Konovalenko<alex...@gmail.com> wrote: > > I'd like to draw more attention to a security issue with the App > Engine quota system which makes it particularly easy for an attacker > to use up an app's bandwidth quota. > > User syntax writes that when a client requests a large (10 MB) static > file but cancels the download immediately, the whole file size is > nevertheless counted against the outgoing bandwidth quota. By > repeating such requests without completing them, an attacker can > exhaust an app's quota while using little bandwidth on their side. > > Originally reported in the issue tracker: > http://code.google.com/p/googleappengine/issues/detail?id=1178 > > P. S. Please cc me because I'm not subscribed to the group. > > > -- Nick Johnson, Developer Programs Engineer, App Engine --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---