[Webkit-unassigned] [Bug 32246] Multiple connection attempts to a WebSocket server should not be allowed
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 2 11:09:57 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=32246
--- Comment #7 from Joe Mason <jmason at rim.com> 2011-03-02 11:09:57 PST ---
(In reply to comment #4)
> Actually, I need to reverse both statements!
>
> Yes, WebSocket is the first way to open an unlimited number of connections to a single server, so it indeed likely needs additional protection to prevent DOS attacks.
>
> But we don't really have a way to implement this correctly. Since each DNS request can result in a new result (this is a form of load balancing), resolving the name first and re-resolving it for actual connect() won't work. We don't have a way to pass both host name and its pre-resolved IP address down to the network stack.
We could add didResolveIP(handle, ip) to SocketStreamHandleClient, and only add a host/ip pair to the "existing connections" map if this is called. That way each platform's network backend can call this function if they can get the IP, and if they don't implement it they just don't get connection limiting.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list