[Webkit-unassigned] [Bug 32246] Multiple connection attempts to a WebSocket server should not be allowed
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Dec 7 21:52:32 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=32246
--- Comment #1 from Fumitoshi Ukai <ukai at chromium.org> 2009-12-07 21:52:32 PST ---
Chromium implement this in SocketStreamHandle, but it's not clean, but it needs
to sniff data to detect handshake message.
Maybe, we need to add some methods in SocketStreamHandle and
SocketStreamHandleClient.
- new SocketStreamHandle
(In reply to comment #0)
> We don't have the following implemented yet:
>
> -------------------------------
> 1. If the user agent already has a Web Socket connection to the
> remote host (IP address) identified by /host/, even if known by
> another name, wait until that connection has been established or
> for that connection to have failed.
>
> NOTE: This makes it harder for a script to perform a denial of
> service attack by just opening a large number of Web Socket
> connections to a remote host.
>
> NOTE: There is no limit to the number of established Web Socket
> connections a user agent can have with a single remote host.
> Servers can refuse to connect users with an excessive number of
> connections, or disconnect resource-hogging users when suffering
> high load.
> -------------------------------
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list