If the SDK is accessible to the outer world, it poses a HUGE security risk

One can simply write a script for the "Interactive Console" 
<http://localhost/_ah/admin/interactive> and steal all your code/data

To prevent this, one may restrict access to the Development Console and permit 
only 127.0.0.1; this can be easily done by modifying the Handlers of the 
Development Console

Can you guys think of any other security holes?

I've been meaning to ask this for a long time, but at the same time I 
didn't want to attract anyone to exploit these risks - but here it is anyway
