Instead of offering your file as static file (whose download you can't
control) you could offer your file via url request from datastore and
make registration and login obligatory or block any third request from
the same IP.
Then a single attacker has got no chance, only a bot net would be
effect
Hi Alexander,
Thanks for your report. I've forwarded it to the appropriate people.
-Nick Johnson
On Sat, Aug 1, 2009 at 3:14 PM, Alexander Konovalenko wrote:
>
> I'd like to draw more attention to a security issue with the App
> Engine quota system which makes it particularly easy for an attack
On Aug 1, 10:14 am, Alexander Konovalenko wrote:
> User syntax writes that when a client requests a large (10 MB) static
> file
Am I missing something? How could one have a static file larger than
1MB?
--~--~-~--~~~---~--~~
You received this message because yo
> Am I missing something? How could one have a static file larger than
> 1MB?
The limit has been raised some time ago:
http://code.google.com/appengine/docs/python/runtime.html#Quotas_and_Limits
--~--~-~--~~~---~--~~
You received this message because you are subs