Can someone from Google make a statement on whether App Engine is vulnerable to the BREACH attack that was announced recently?
http://breachattack.com/ I'm not a security expert, but it looks like you are vulnerable to the attack if you use both SSL/TLS and HTTP compression. Since that configuration is handled by App Engine infrastructure, our apps may be at risk and we have little ability to mitigate it without help from Google. Also, a statement on the similar CRIME attack would be helpful too. Thanks. --Alex -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/groups/opt_out.
