From 7a9f1d750b2b25de5b2f59f05739c70629226902 Mon Sep 17 00:00:00 2001
From: Jeremy Latt <jeremy.latt@gmail.com>
Date: Sat, 15 Mar 2014 15:12:29 -0700
Subject: [PATCH] explain why CheckPassword happens in client thread

---
 irc/client.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/irc/client.go b/irc/client.go
index ec4c323d..5cf9a476 100644
--- a/irc/client.go
+++ b/irc/client.go
@@ -67,6 +67,11 @@ func (client *Client) run() {
 		checkPass, ok := command.(checkPasswordCommand)
 		if ok {
 			checkPass.LoadPassword(client.server)
+			// Block the client thread while handling a potentially expensive
+			// password bcrypt operation. Since the server is single-threaded
+			// for commands, we don't want the server to perform the bcrypt,
+			// blocking anyone else from sending commands until it
+			// completes. This could be a form of DoS if handled naively.
 			checkPass.CheckPassword()
 		}