I'm planning a data collector gateway and wondering whether Twisted's AMP would be good for the task. AMP seems to be a good fit for the job, but I'm not sure about the security. I make the client side too, but I won't operate it, bad guys can take over that side and I want to protect my side.
What would I like to do: 1. authenticate and authorize connecting clients with their SSL certificates 2. securely transfer arbitrary (binary and json) data from and to the clients (both the server and client would be twisted) 3. protect the server from malicious clients
I have some concerns about all three. For the first, is this OK now: http://twistedmatrix.com/pipermail/twisted-python/2007-August/015926.html ? For the second: the server should not be affected by the data which the client sends. I mean exploiting bugs in the data paths and limited protection from DoS, like abusing blocking pieces of code and therefore halting the reactor, or preventing memory overflow (if it sends 3TBs of data, it shouldn't be queued up in RAM, I should be in control about what happens in this case, or twisted should be clear measures for these) etc... And by the third I mean the above, plus for example if I have only one command defined for AMP with one string argument then no matter what happens, the client should only access that function with that argument and no other part of the program.
How do you feel, is Twisted and AMP a good choice for that?