Say someone does not like a person behind one of the small/medium sized apps on app store (lets say 2-3 instances continously each day). For the sake of argument, say that it is me, but it could just as easily apply to any of you guys out there.
What will stop a person of ill intend to make his own app engine app (or use any other similar service available on the web) and use this app *to hit my small/medium sized app engine app with hundreds of asyncrone requests each second - forcing the number of instance of my application to skyhigh levels and thus - depending on budget settings - either 1) bill me hundreds of USD for a few hours, or 2) hitting the instance hour quota very, very quickly... * Such an "attack" could theoretically be made from another app engine app, possibly even under the free quota... Under the old pricing scheme the latency would just go up (it happened a few times to me). Possible solutions: 1) app engine team should provide an API for blacklist, so that I can programatically add IP's there 2) app engine team could make a setting to control "Max Number of Instances" [not just "max idle instances" - because they will not be idle]. A Max Number of Instances would of course make high latencies for all users on my app during an attack, but at least I wouldnt have to deal with hitting the quota levels => readjusting pricing => waiting for new ressources to be allocated => spending lots of time on damagecontrol + making the attacker happy... 3) any other ideas? I am concerned. Please advise. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/U_bUW2BUVj0J. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
