Why would your SDK be available to the outside world?  It's a development 
tool, no different to any development environment - lock it down via the 
network infrastructure, as you would any other development environment.  If 
you have production data in your dev environment and it contains sensitive 
data, then take the normal steps to sanitise it.

On Tuesday, 13 March 2012 20:50:01 UTC, Kaan Soral wrote:
>
> If the SDK is accessible to the outer world, it poses a HUGE security risk
>
> One can simply write a script for "Interactive 
> Console<http://localhost/_ah/admin/interactive>" 
> and steal all your code/data
>
> To prevent this - one may restrict access to Development Console and 
> permit only 127.0.0.1, this can be easily done by modifying the Handlers of 
> the Development Console
>
> Can you guys think of any other security holes?
>
> I've been meaning to ask this for a long time, but at the same time I 
> didn't want to attract anyone to exploit these risks - but here it is anyway
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-appengine/-/5DxU7Rl8wMQJ.