Message 179884 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	jbrearley
Recipients	jbrearley, sbt
Date	2013-01-13.17:27:13
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<AC82E48024604F85935B31FE1BB81F04@jrb>
In-reply-to	<1357866356.83.0.954557409074.issue16920@psf.upfronthosting.co.za>

Content
Hi Richard: Thanks for the update. Yes, the multiprocessing.communication.Client works much better. The residual issue left here is wether Python is vulnerable to a DOS attack. If someone used regular sockets deliberately, they could crash multiprocessing server code deliberately. Any chance of doing a real message length check against the embedded message length check? Might not hurt for documentation to state that raw sockets are not supported, that you must use the client. Regards, John Brearley 613-259-5622 (H)

Hi Richard: Thanks for the update. Yes, the multiprocessing.communication.Client
works much better. The residual issue left here is wether Python is vulnerable
to a DOS attack. If someone used regular sockets deliberately, they could crash
multiprocessing server code deliberately. Any chance of doing a real message
length check against the embedded message length check?

Might not hurt for documentation to state that raw sockets are not supported,
that you must use the client.

Regards, John Brearley 
613-259-5622 (H)

History
Date	User	Action	Args
2013-01-13 17:27:13	jbrearley	set	recipients: + jbrearley, sbt
2013-01-13 17:27:13	jbrearley	link	issue16920 messages
2013-01-13 17:27:13	jbrearley	create