[Python-au] Thanks and the last question for today is

Andrew Bennetts andrew-pythonau@puzzling.org
Fri, 17 Jan 2003 17:02:52 +1100

On Fri, Jan 17, 2003 at 04:14:53PM +1100, Graeme Matthew wrote:
> Hi all, thanks a mil for all your help, this has really corrected my 
> understanding on classes and made my life oh so much easier.
> now my last question(s):
> Overview:
> I have written a SocketServer, it listens for xml orders send from a remote 
> computer. It uses PyRXP to parse the orders then loads into a Order object. 
> The order object will have a save method that will write it to a database.
> Questions:
> How does one make the SocketServer secure ?
> How does one prevent "ugly people" from sending massive streams of data and 
> in theory causing a DOS ?

It's tricky.

Firstly, I'd probably recommend that you use Twisted
(http://twistedmatrix.com/) for networking rather than SocketServer.
SocketServer is a very simple-minded approach to writing servers -- multiple
simultaneous connections are served with either threads or forking for each
connection, which isn't very efficient.  Twisted also makes using SSL
sockets almost identical to ordinary sockets.

Thus with Twisted you will be harder to DOS (far less resources are used for
each connection), and you can use SSL.  It's also easier to use, once you
become familiar with it (but the initial learning curve is a little steep).

It's hard to protect yourself against DOS attacks.  Probably the simplest
approach is to require each connection authenticates (i.e. with a username
and password, preferably over SSL) before it can send any other data, and
drop the connection otherwise.  You could also automatically drop any
connection that sends more than some amount of data... but neither approach
can stop the attacker from simply re-opening the connection.