There is an even worse problem with a password compromise:

1) Malicious user gets your pw
2) Malicious user downloads your existing codebase
3) Malicious user makes subtle change - say, funneling sensitive data
to external site
4) Malicious user uploads this over running version

This would be almost impossible to detect.  At least with the source
code separate, a malicious hacker has to either 1) re-implement enough
of the site to make it convincing, or 2) figure out the actual code
repository and credentials separately.

Honestly, I think this code download idea is unwise.  Yes, it will
quiet down all the clueless folks that didn't back up their code, but
let's be realistic - these are not people who are serious about
software development and they are unlikely to be the ones building
apps that will ultimately generate revenue for App Engine.  GAE is not
Google Sites; you don't need to cater to the idiot 20%.

Jeff

On Thu, Oct 7, 2010 at 6:43 AM, Nacho Coloma <icol...@gmail.com> wrote:
>> If you have unscrupulous competitors with your Google Account
>> password, I'd think the fact that they might download your source is
>> the least of your problems.  They could just deploy malicious code to
>> your site instead.
>
> That can be fixed, but you can't do anything about the fact that they
> have your source code and can develop competing products.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Google App Engine" group.
> To post to this group, send email to google-appeng...@googlegroups.com.
> To unsubscribe from this group, send email to 
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/google-appengine?hl=en.
>
>
