On Tue, Jul 27, 2010 at 1:25 PM, "Martin v. Löwis" <[email protected]> wrote:
> I'll be implementing a feature for PyPI where you can POST
> to a certain action (revdownload), and then PyPI will POST
> the file requested to a URL that was passed; this is needed
> to make blobs work on AppEngine.
>
> Any objections?

Seems like this is ripe for abuse -- it's essentially an open relay for POST requests, so I could use it to amplify a DDoS attack. So probably sounds like there needs to be some sort of security, or whitelist of allowed URLs (or prefixes?), or somesuch.

Jacob

_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
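
One way the whitelist of allowed URLs or prefixes suggested in the reply above could be enforced before the server sends its POST. This is an added example, not code from PyPI or from either poster; the host name, path prefix and function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Hypothetical allowlist of (host, path prefix) pairs that may receive the POST.
ALLOWED_TARGETS = [("blobs.example.appspot.com", "/upload/")]


def is_allowed_callback(url, allowed=ALLOWED_TARGETS):
    """True only for https URLs on an allowlisted host and under its path prefix."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    # "https://good.host@other.host/" parses with other.host as the real host.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    # Decode once and refuse dot segments or backslashes instead of normalising them.
    path = unquote(parts.path)
    if "\\" in path or any(seg in (".", "..") for seg in path.split("/")):
        return False
    # Exact host match; a prefix ending in "/" matches whole path segments only.
    return any(host == h and path.startswith(p) for h, p in allowed)
```

The client that performs the POST should also refuse to follow redirects, since an allowlisted host could otherwise bounce the request to an arbitrary target.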
