Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
"Don't block the event loop": New guide on avoiding DoS #1471
We know, we know, "Don't block the event loop"
Though "Don't block the event loop" is a good rule of thumb, developers new to the EDA could easily expose themselves to this and other Denial of Service vulnerabilities if they don't think carefully about the implications of the limited supply of threads. For example, REDOS is a very real threat but a bit of a surprise as a way to block the event loop.
There are of course a lot of blog posts describing this issue in varying levels of formality and detail, but I think the community would benefit from a guide put out by a central authority -- like nodejs.org!
Also don't block the threadpool
More on this if you're interested
Well, TBH I think there would indeed be more to discuss if you had a draft. Though anyway, I'm probably not the most qualified to discuss the technical quality of such draft, I'd very much like to read it and the discussion that might follow.
And also no worries, globally, "no discussion" generally means "go ahead"; people tend a bit more to comment to say when they don't agree than when they agree, from what I've seen