[Twisted-Python] Is AMP secure enough for the internet?

Attila Nagy bra at fsn.hu
Mon Mar 1 09:15:24 EST 2010

Eric P. Mangold wrote:
> AMP "keys" are limited to 256 bytes and "values" are limited to 64k. So
> that will prevent your program from handling a malformed AMP packet that
> tries to exceed those limits....
Yes, I know that from the docs, but I haven't read the code, and it's
not trivial where this is limited. If only on the client side, it
doesn't protect...
> One of the things you will need to implement yourself is preventing an
> otherwise legit client from flooding your server with legitimate
> requests... this is application-specific, and Twisted can't implement a
> generalized protection mechanize here.
That's right and clear, this needs to be implemented in the application.


More information about the Twisted-Python mailing list