Message179890
> If someone used regular sockets deliberately, they could crash
> multiprocessing server code deliberately. Any chance of doing a real message
> length check against the embedded message length check?
You can do
message = conn.recv_bytes(maxlength)
if you want a length check -- OSError will be raised if the message is too long.
But Listener() and Client() are *not* replacements for the normal socket API and I would not really advise using them for communication over a network. They are mostly used internally by multiprocessing -- and then only with digest authentication.
All processes in the same program inherit the same randomly generated authentication key -- current_process().authkey. If you create a listener by doing
listener = Listener(address, authenticate=True)
then other processes from the same program can connect by doing
conn = Client(address, authenticate=True)
Without knowing the correct authentication key it is not possible to connect and do a DOS like you describe. |
|
Date |
User |
Action |
Args |
2013-01-13 19:56:35 | sbt | set | recipients:
+ sbt, jbrearley |
2013-01-13 19:56:35 | sbt | set | messageid: <1358106995.42.0.980699350211.issue16920@psf.upfronthosting.co.za> |
2013-01-13 19:56:35 | sbt | link | issue16920 messages |
2013-01-13 19:56:34 | sbt | create | |
|