[Webkit-unassigned] [Bug 32246] Multiple connection attempts to a WebSocket server should not be allowed

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 7 21:52:32 PST 2009


--- Comment #1 from Fumitoshi Ukai <ukai at chromium.org>  2009-12-07 21:52:32 PST ---
Chromium implement this in SocketStreamHandle, but it's not clean, but it needs
to sniff data to detect handshake message.

Maybe, we need to add some methods in SocketStreamHandle and

 - new SocketStreamHandle

(In reply to comment #0)
> We don't have the following implemented yet:
> -------------------------------
>    1.   If the user agent already has a Web Socket connection to the
>         remote host (IP address) identified by /host/, even if known by
>         another name, wait until that connection has been established or
>         for that connection to have failed.
>         NOTE: This makes it harder for a script to perform a denial of
>         service attack by just opening a large number of Web Socket
>         connections to a remote host.
>         NOTE: There is no limit to the number of established Web Socket
>         connections a user agent can have with a single remote host.
>         Servers can refuse to connect users with an excessive number of
>         connections, or disconnect resource-hogging users when suffering
>         high load.
> -------------------------------

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list