Python - remote object protocols and security
Irmen de Jong
irmen.NOSPAM at xs4all.nl
Mon Jul 15 19:05:45 CEST 2013
On 15-7-2013 18:57, Irmen de Jong wrote:
>> Note that DOS attacks are possible whatever encoding scheme you have. Make sure that
>> self-references within the data are well-defined (or impossible), and put limits on size
>> per transaction, and transactions per minute per legitimate user.
> Pyro doesn't provide anything by itself to protect against this.
I'm sorry to follow up on myself, but there is actually one thing: Pyro's choice of
serializers (except pickle, again) don't allow self-references. So that type of DOS
attack (infinite recursion) is ruled out.
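
The point above, as an added example that is not part of the original post and is not Pyro's code: the standard-library `json` module stands in here for a serializer that cannot express self-references (an assumption, Pyro's own serializers are not used), while `pickle` round-trips them. `check_graph` and its limits are hypothetical names showing a receiver-side guard against cycles, depth and the size limits mentioned in the quoted advice.

```python
import json
import pickle

def make_cyclic():
    """Constructed sample: a dict that contains itself."""
    data = {"name": "constructed sample"}
    data["self"] = data
    return data

def json_rejects_cycle(obj):
    """True if json refuses to encode obj because of a circular reference."""
    try:
        json.dumps(obj)
    except ValueError:
        return True
    return False

def pickle_preserves_cycle(obj):
    """True if the self-reference survives a pickle round trip.
    Only locally built data is unpickled here."""
    restored = pickle.loads(pickle.dumps(obj))
    return restored["self"] is restored

def check_graph(root, max_nodes=10_000, max_depth=50):
    """Walk a decoded object without recursion; report cycles and oversize input."""
    on_path = set()              # ids of containers on the current path
    seen = 0
    stack = [(root, 1, False)]   # (node, depth, leaving-marker)
    while stack:
        node, depth, leaving = stack.pop()
        if leaving:
            on_path.discard(id(node))
            continue
        seen += 1
        if seen > max_nodes:
            return "too many nodes"
        if not isinstance(node, (dict, list, tuple, set)):
            continue
        if id(node) in on_path:
            return "self-reference"
        if depth > max_depth:
            return "too deep"
        on_path.add(id(node))
        stack.append((node, depth, True))
        children = node.values() if isinstance(node, dict) else node
        stack.extend((child, depth + 1, False) for child in children)
    return "ok"
```

Shared but non-cyclic references are not reported as self-references; the node limit is what bounds input that reuses one sub-object many times.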