On 15-7-2013 18:57, Irmen de Jong wrote: >> Note that DOS attacks are possible whatever encoding scheme you have. Make >> sure that >> self-references within the data are well-defined (or impossible), and put >> limits on size >> per transaction, and transactions per minute per legitimate user. > > Pyro doesn't provide anything by itself to protect against this.
I'm sorry to follow up on myself, but there is actually one thing: Pyro's choice of serializers (except pickle, again) don't allow self-references. So that type of DOS attack (infinite recursion) is ruled out. Irmen -- http://mail.python.org/mailman/listinfo/python-list
