mirror of
https://github.com/ergochat/ergo.git
synced 2024-12-26 20:52:38 +01:00
explain why CheckPassword happens in client thread
This commit is contained in:
parent
b359d8c097
commit
7a9f1d750b
@ -67,6 +67,11 @@ func (client *Client) run() {
|
||||
checkPass, ok := command.(checkPasswordCommand)
|
||||
if ok {
|
||||
checkPass.LoadPassword(client.server)
|
||||
// Block the client thread while handling a potentially expensive
|
||||
// password bcrypt operation. Since the server is single-threaded
|
||||
// for commands, we don't want the server to perform the bcrypt,
|
||||
// blocking anyone else from sending commands until it
|
||||
// completes. This could be a form of DoS if handled naively.
|
||||
checkPass.CheckPassword()
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user