[Twisted-Python] Is AMP secure enough for the internet?

Tristan Seligmann mithrandi at mithrandi.net
Sun Feb 28 19:33:15 EST 2010

On Sat, Feb 27, 2010 at 11:59 PM, Attila Nagy <bra at fsn.hu> wrote:
> What would I like to do:
> 1. authenticate and authorize connecting clients with their SSL certificates
> 2. securely transfer arbitrary (binary and json) data from and to the
> clients (both the server and client would be twisted)

If you're using SSL, then points 1 and 2 are the responsibility of
SSL, not AMP, and you should be fine.

> 3. protect the server from malicious clients

I can't really comment on this, as I haven't studied the AMP
implementation much; I think there are some built-in limits which will
protect against certain kinds of resource DoS, but hopefully somebody
else can comment in more detail.
mithrandi, i Ainil en-Balandor, a faer Ambar

More information about the Twisted-Python mailing list