If nobody minds, could this discussion be public? I care about the answer too, and I can't imagine I'm the only person considering exposing a Thrift service. It doesn't appear Thrift implementations are necessarily specifically tested for what happens when you feed them random junk (this was a mailing list topic a while ago), which would of course be a problem if you're using it as an external interface, where every request is a potential attack.
tia
lvh