3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-26 05:49:25 +01:00

explain why CheckPassword happens in client thread

This commit is contained in:
Jeremy Latt 2014-03-15 15:12:29 -07:00
parent b359d8c097
commit 7a9f1d750b

View File

@ -67,6 +67,11 @@ func (client *Client) run() {
checkPass, ok := command.(checkPasswordCommand) checkPass, ok := command.(checkPasswordCommand)
if ok { if ok {
checkPass.LoadPassword(client.server) checkPass.LoadPassword(client.server)
// Block the client thread while handling a potentially expensive
// password bcrypt operation. Since the server is single-threaded
// for commands, we don't want the server to perform the bcrypt,
// blocking anyone else from sending commands until it
// completes. This could be a form of DoS if handled naively.
checkPass.CheckPassword() checkPass.CheckPassword()
} }