Since the problem is with SSL and GZIP combined? Every bit as vulnerable as every other host out there.
The protocols themselves are issue, so without breaking things there's nothing Google could do. As far as the injection/measuring, that is all in how well you protect against XSS in your own site, browser security, user-installed toolbars, etc. On Tuesday, August 6, 2013 3:34:17 PM UTC-5, coto wrote: > > At ekoparty 2012, Thai Duong and Juliano Rizzo announced CRIME, a > compression side-channel attack against HTTPS. An attacker with the ability > to: > > - Inject partial chosen plaintext into a victim's requests > - Measure the size of encrypted traffic > > More info: > https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/ > > The appropriate question for this group is: "How vulnerable Google App > Engine is when SSL (and GZIP) is/are enabled??" > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/groups/opt_out.
