Python - remote object protocols and security

Irmen de Jong irmen.NOSPAM at xs4all.nl
Mon Jul 15 13:05:45 EDT 2013


On 15-7-2013 18:57, Irmen de Jong wrote:

>> Note that DOS attacks are possible whatever encoding scheme you have. Make sure that
>> self-references within the data are well-defined (or impossible), and put limits on size
>> per transaction, and transactions per minute per legitimate user.
> 
> Pyro doesn't provide anything by itself to protect against this.

I'm sorry to follow up on myself, but there is actually one thing: Pyro's choice of
serializers (except pickle, again) doesn't allow self-references. So that type of DOS
attack (infinite recursion) is ruled out.


Irmen
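
An added example, not part of the original message and not Pyro's own code: it uses the standard-library json module as a stand-in for a non-pickle serializer, showing that json refuses a self-referencing structure while pickle rebuilds it, alongside the per-transaction size limit suggested in the quoted text. The function names and the 64 KiB limit are assumptions made for illustration.

```python
import json
import pickle

MAX_MESSAGE_BYTES = 64 * 1024  # assumed per-transaction size limit


def make_self_referencing_list():
    """Constructed sample: a list whose last element is the list itself."""
    data = [1, 2]
    data.append(data)
    return data


def json_rejects(obj):
    """True if the JSON encoder refuses obj because of a circular reference."""
    try:
        json.dumps(obj)
    except ValueError:  # "Circular reference detected"
        return True
    return False


def pickle_keeps_cycle(obj):
    """True if a pickle round trip rebuilds the self-reference."""
    copy = pickle.loads(pickle.dumps(obj))  # only safe on data we created
    return copy[-1] is copy


def has_cycle(root):
    """Iteratively check whether a container can reach itself."""
    on_path = set()            # ids of containers on the current path
    stack = [(root, False)]    # (object, leaving?) pairs
    while stack:
        obj, leaving = stack.pop()
        if leaving:
            on_path.discard(id(obj))
        elif isinstance(obj, (list, tuple, dict, set)):
            if id(obj) in on_path:
                return True
            on_path.add(id(obj))
            stack.append((obj, True))
            children = obj.values() if isinstance(obj, dict) else obj
            stack.extend((child, False) for child in children)
    return False


def accept_message(raw, limit=MAX_MESSAGE_BYTES):
    """Enforce the size limit before parsing; JSON text cannot encode a cycle."""
    if len(raw) > limit:
        raise ValueError("message exceeds size limit")
    return json.loads(raw)
```

Code that walks deserialized data recursively can run has_cycle first when the data came from a format that preserves references.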



