explain why CheckPassword happens in client thread

2024-11-10 22:19:31 +01:00 · 2014-03-15 15:12:29 -07:00 · 2014-03-15 15:12:29 -07:00 · 7a9f1d750b
commit 7a9f1d750b
parent b359d8c097
1 changed files with 5 additions and 0 deletions
--- a/irc/client.go
+++ b/irc/client.go
@ -67,6 +67,11 @@ func (client *Client) run() {
 		checkPass, ok := command.(checkPasswordCommand)
 		if ok {
 			checkPass.LoadPassword(client.server)
+			// Block the client thread while handling a potentially expensive
+			// password bcrypt operation. Since the server is single-threaded
+			// for commands, we don't want the server to perform the bcrypt,
+			// blocking anyone else from sending commands until it
+			// completes. This could be a form of DoS if handled naively.
 			checkPass.CheckPassword()
 		}