[Security] Response size limitation #892
Comments
|
This is my web socket server: $loop = \React\EventLoop\Factory::Create();
new \Ratchet\Server\IoServer(
new \Ratchet\Http\HttpServer(
new \Ratchet\WebSocket\WsServer(
new class implements \Ratchet\MessageComponentInterface {
public function OnOpen(\Ratchet\ConnectionInterface $con){
}
public function OnMessage(\Ratchet\ConnectionInterface $con, $message){
echo strlen($message); // How much?
}
public function OnClose(\Ratchet\ConnectionInterface $con){
}
public function OnError(\Ratchet\ConnectionInterface $con, \Exception $e){
}
}
)
),
new \React\Socket\SecureServer(
new \React\Socket\Server('127.0.0.1:8989',$loop),
$loop,
array(
'local_cert' => '...',
'local_pk' => '...',
'allow_self_signed' => true,
'verify_peer' => false
)
)
);
$loop->Run();How many bytes of data can be received from the client? If I can not manage this configuration, the attacker can send big data and take up memory (or I can not have precise management on the server). I'm not familiar with reactphp source code, so I think it's related to: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi
How can i limit the size of the response from the client?
For example, after sending a client more than 100 bytes, the connection must be disconnected. (In one post)
The text was updated successfully, but these errors were encountered: