[Twisted-Python] pb.Copyable, round trip objects, and untrusted clients
jasper at peak.org
Thu May 20 19:32:45 EDT 2004
On Thu, 20 May 2004, Glyph Lefkowitz wrote:
> On Thu, 2004-05-20 at 05:34, Jasper Phillips wrote:
> > Ack! Now you've got me scared! Ten other Holes?! Could you elaborate a
> > little more?
> There are no constraints on the type of any argument. Players could
> send lists where you expect strings. Unicode where you expect lists.
> Tuples where you expect dicts. etc, etc, etc.
Good point. I validate data players send before inserting them into Game
state, and toss them a remote exception if they don't validate. This is
mostly for testing purposes, but should catch this kind of abuse as well.
> None of this is anywhere as serious as the average protocol bug in a C
> program, but it can still seriously disrupt service.
Indeed I know someone who's dealing with just such a bug right now! I am
fervently greatfull that Twisted exists, and I don't have to muck with such
low level headaches. :-)
> They can also send nasty circular structures which will put a lot of
> load on the garbage collector, or may not even ever be collected. This
> is all in the protocol layer before it hits your code. This is the main
> issue that Brian and I set out to address with newpb and we came up with
> some of the other hypothetical attacks against the current system along
> the way.
Hmmm, I hadn't considered such a malicious denial of service style attack.
If I get to the point where such a thing could really be a problem I'll
consider myself beyond lucky!
> > What's in newpb anyway? I'd thought this was essentially handled with all
> > the Avatar/Mind/Realm newcred stuff?
> That's authentication. Very different from security :).
Right, although it did change pb a bit too. More security would be great,
as I have to admit I'm mostly ignoring the issue and crossing my fingers
that Twisted deals with it well. Just not enough energy to do everything.
More information about the Twisted-Python