[Twisted-Python] pb.Copyable, round trip objects, and untrusted clients

[Jasper Phillips]

On Thu, 20 May 2004, Glyph Lefkowitz wrote:

> On Thu, 2004-05-20 at 05:34, Jasper Phillips wrote:
> 
> > Ack!  Now you've got me scared!  Ten other Holes?!  Could you elaborate a
> > little more?
> 
> There are no constraints on the type of any argument.  Players could
> send lists where you expect strings.  Unicode where you expect lists. 
> Tuples where you expect dicts.  etc, etc, etc.

Good point.  I validate data players send before inserting them into Game
state, and toss them a remote exception if they don't validate.  This is
mostly for testing purposes, but should catch this kind of abuse as well.

> None of this is anywhere as serious as the average protocol bug in a C
> program, but it can still seriously disrupt service.

Indeed I know someone who's dealing with just such a bug right now!  I am
fervently greatfull that Twisted exists, and I don't have to muck with such
low level headaches. :-)

> They can also send nasty circular structures which will put a lot of
> load on the garbage collector, or may not even ever be collected.  This
> is all in the protocol layer before it hits your code.  This is the main
> issue that Brian and I set out to address with newpb and we came up with
> some of the other hypothetical attacks against the current system along
> the way.

Hmmm, I hadn't considered such a malicious denial of service style attack.
If I get to the point where such a thing could really be a problem I'll
consider myself beyond lucky!

> > What's in newpb anyway?  I'd thought this was essentially handled with all
> > the Avatar/Mind/Realm newcred stuff?
> 
> That's authentication.  Very different from security :).

Right, although it did change pb a bit too.  More security would be great,
as I have to admit I'm mostly ignoring the issue and crossing my fingers
that Twisted deals with it well.  Just not enough energy to do everything.

-Jasper