[Twisted-Python] Is AMP secure enough for the internet?

Attila Nagy bra at fsn.hu
Mon Mar 1 09:15:24 EST 2010


Eric P. Mangold wrote:
> AMP "keys" are limited to 256 bytes and "values" are limited to 64k. So
> that will prevent your program from handling a malformed AMP packet that
> tries to exceed those limits....
>   
Yes, I know that from the docs, but I haven't read the code, and it's
not trivial where this is limited. If only on the client side, it
doesn't protect...
> One of the things you will need to implement yourself is preventing an
> otherwise legit client from flooding your server with legitimate
> requests... this is application-specific, and Twisted can't implement a
> generalized protection mechanism here.
>
That's right and clear, this needs to be implemented in the application.

Thanks,



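The question of where the key and value limits are enforced, as an added example that is not part of the original thread and is not Twisted's own code: a receive-side parser that rejects an oversized key from its declared length alone, before any payload is buffered. It assumes AMP-style framing (16-bit big-endian length prefixes, an empty key ends a box); the names `BoxReceiver`, `BoxTooLong` and `encode`, and the two limit constants, are hypothetical.

```python
import struct

MAX_KEY_LENGTH = 255       # assumption: largest key the receiver accepts
MAX_VALUE_LENGTH = 65535   # assumption: largest value a 16-bit prefix can declare

class BoxTooLong(Exception):
    """Raised when a peer declares a string longer than the receiver allows."""

class BoxReceiver:
    """Incremental parser for length-prefixed key/value boxes (receiving side)."""
    def __init__(self):
        self._buf = b""
        self._box = {}
        self._key = None   # None: next string is a key; otherwise the pending key

    def feed(self, data):
        """Consume bytes from the peer and return the boxes completed so far."""
        self._buf += data
        done = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack(">H", self._buf[:2])
            limit = MAX_KEY_LENGTH if self._key is None else MAX_VALUE_LENGTH
            # Enforce the limit on the declared length, so a hostile peer
            # cannot make the receiver buffer data while "waiting" for it.
            if length > limit:
                raise BoxTooLong("declared %d bytes, limit %d" % (length, limit))
            if len(self._buf) < 2 + length:
                break      # string incomplete; wait for more bytes
            payload = self._buf[2:2 + length]
            self._buf = self._buf[2 + length:]
            if self._key is None:
                if length == 0:            # empty key terminates the box
                    done.append(self._box)
                    self._box = {}
                else:
                    self._key = payload
            else:
                self._box[self._key] = payload
                self._key = None
        return done

def encode(pairs):
    """Build constructed sample wire data for one box (sender side)."""
    out = b""
    for key, value in pairs:
        out += struct.pack(">H", len(key)) + key
        out += struct.pack(">H", len(value)) + value
    return out + b"\x00\x00"
```

In a server the `BoxTooLong` handler would drop the connection; a limit checked only when encoding on the sending side gives the receiver no protection.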