Skip to content
This repository has been archived by the owner before Nov 9, 2022. It is now read-only.

HTTP request handlers are not safe/secure #705

Open
yaronyg opened this issue Apr 7, 2016 · 0 comments
Open

HTTP request handlers are not safe/secure #705

yaronyg opened this issue Apr 7, 2016 · 0 comments

Comments

@yaronyg
Copy link
Member

yaronyg commented Apr 7, 2016

In both notification and replication action we make HTTPS requests to a PSK server. There are a number of issues with the current code including:

Replicated - The calls are essentially identical but we have different code handling them, that means we can't encode best practices in one place and use them everywhere

Size Limitations - The calls need to make sure that they cap how big a response they are willing to wait for

Time out - The calls need to time themselves out if they go on too long. This isn't a big deal on native connections (which have their own times outs) but it matters on WiFi. We also have to make sure that the time outs are tied to getting a complete response and NOT to data on the wire since there are tricks with things like chunking that potentially could keep a connection 'alive' for a while as it doesn't actually do anything.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant