HTTP request handlers are not safe/secure #705

Open
yaronyg opened this Issue Apr 7, 2016 · 0 comments

yaronyg commented Apr 7, 2016

In both notification and replication actions we make HTTPS requests to a PSK server. There are a number of issues with the current code, including:

Replicated - The calls are essentially identical but we have different code handling them. That means we can't encode best practices in one place and use them everywhere.

Size Limitations - The calls need to make sure that they cap how big a response they are willing to wait for.

Time out - The calls need to time themselves out if they go on too long. This isn't a big deal on native connections (which have their own time outs) but it matters on WiFi. We also have to make sure that the time outs are tied to getting a complete response and NOT to data on the wire, since there are tricks with things like chunking that potentially could keep a connection 'alive' for a while as it doesn't actually do anything.

@yaronyg yaronyg added this to the V1 milestone Aug 3, 2016

@yaronyg yaronyg added 1 - Backlog and removed 0 - Icebox labels Aug 4, 2016

@yaronyg yaronyg added Node and removed 1 - Backlog labels Oct 6, 2016
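
The size cap and whole-response deadline described in the issue, written as one shared body reader that both call sites could use. This is an added example, not part of the original issue or the project's code; `readBounded`, `LimitError`, the `cancel` hook and the sample bodies are assumed names, and the inputs are constructed so it runs without a network.

```javascript
// Added example. `body` is any async iterable of Buffers (Node's
// http.IncomingMessage is one); `cancel` is a hypothetical hook for req.destroy().
class LimitError extends Error {
  constructor(code) { super(code); this.code = code; }
}

function readBounded(body, { maxBytes, deadlineMs, cancel = () => {} }) {
  return new Promise((resolve, reject) => {
    let settled = false;
    // One timer for the complete response. It is never reset when data
    // arrives, so a peer dripping tiny chunks cannot extend it.
    const timer = setTimeout(() => fail(new LimitError('E_DEADLINE')), deadlineMs);
    const done = (fn, value) => {
      if (settled) return;
      settled = true;
      clearTimeout(timer);
      fn(value);
    };
    const fail = (err) => { if (!settled) cancel(); done(reject, err); };

    (async () => {
      const chunks = [];
      let total = 0;
      for await (const chunk of body) {
        if (settled) return;              // deadline already fired
        total += chunk.length;            // count before buffering
        if (total > maxBytes) return fail(new LimitError('E_TOO_BIG'));
        chunks.push(chunk);
      }
      done(resolve, Buffer.concat(chunks));
    })().catch(fail);
  });
}

// Constructed sample bodies: a normal reply, an oversized reply, and a
// chunked "slow drip" that sends one byte every 10 ms and never ends.
const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
async function* fixedBody(parts) { for (const p of parts) yield Buffer.from(p); }
async function* dripBody() { for (;;) { await sleep(10); yield Buffer.from('x'); } }

const limits = { maxBytes: 64, deadlineMs: 100 };
const outcome = (body) =>
  readBounded(body, limits).then((b) => `ok:${b.length}`, (e) => e.code);

function demo() {
  return Promise.all([
    outcome(fixedBody(['{"seq":', '42}'])),
    outcome(fixedBody(['A'.repeat(40), 'B'.repeat(40)])),
    outcome(dripBody()),
  ]);
}
```

The drip body never goes idle, so an idle-socket timeout alone would not stop it; only the single deadline does.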