Re: Does socket.io have any packet size protection?
603 views
Skip to first unread message
Arnout Kazemier
Jul 27, 2012, 2:22:59 PM7/27/12
to sock...@googlegroups.com
Socket.IO has a destroy buffer size option: https://github.com/LearnBoost/socket.io/blob/master/lib/manager.js#L83
But it's only applied to HTTP transports: https://github.com/LearnBoost/socket.io/blob/master/lib/transports/http.js#L55
I don't think WebSockets have this kind of protection.
On Friday, July 27, 2012 at 8:15 PM, Shannon Posniewski wrote:
(I haven't been able to find anything in the docs about this. Apologies if I've missed it.)Are there any settings or something built in to socket.io which can restrict the size of payloads being sent to the server? For example, an evil person could modify the client-side source after handshake and send an emit back to the server with a giant payload.A reasonable recourse to a client sending such a flood (IMO) would by dropping the connection. The intent here is to stop or otherwise shut down a rogue client before it damages the server (either by crashing it with a memory shortage, or simply slowing it down).shannon
Martin Thomson
Jul 27, 2012, 3:21:44 PM7/27/12
to sock...@googlegroups.com
I submitted a bug and pull request on this exact problem.
https://github.com/LearnBoost/socket.io/issues/886
https://github.com/LearnBoost/socket.io/pull/888
This patch was made against 0.8.6, but I can't imagine that the recent changes will affect this.
https://github.com/LearnBoost/socket.io/issues/886
https://github.com/LearnBoost/socket.io/pull/888
This patch was made against 0.8.6, but I can't imagine that the recent changes will affect this.
Reply all
Reply to author
Forward
0 new messages