Reading data from a socket, considerations for robustness and security
Posted by w.brian on Stack Overflow
Published on 2011-03-16T16:07:56Z
I am writing a socket server that will implement small portions of the HTTP and the WebSocket protocol, and I'm wondering what I need to take into consideration in order to make it robust/secure. This is my first time writing a socket-based application so please excuse me if any of my questions are particularly naive. Here goes:
Is it wrong to assume that you've received an entire HTTP request (WebSocket request, etc) if you've read all data available from the socket? Likewise, is it wrong to assume you've only received one request? Is TCP responsible for making sure I'm getting the "message" all at once as sent by the client? Or do I have to manually detect the beginning and end of each "message" for whatever protocol I'm implementing?
Regarding security: What, in general, should I be aware of? Are there any common pitfalls when implementing something like this?
As always, any feedback is greatly appreciated.
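TCP delivers a byte stream with no message boundaries, so a single read may contain part of a request or several requests back to back. As an added example that is not part of the original post, the Python framer below buffers incoming bytes and emits only complete HTTP requests; the names `RequestFramer` and `FramingError`, the size caps, and the choice to support only `Content-Length` bodies are assumptions made for illustration.

```python
MAX_HEAD = 8192      # assumed cap on request line + headers, in bytes
MAX_BODY = 1 << 20   # assumed cap on body size, in bytes

class FramingError(Exception):
    """The peer sent data that cannot be framed safely; close the connection."""

class RequestFramer:
    """Buffers bytes from recv() and yields complete (head, body) requests."""
    def __init__(self):
        self.buf = bytearray()

    def feed(self, data):
        """Add the bytes of one recv() call; return every request now complete."""
        self.buf += data
        done = []
        while (req := self._take_one()) is not None:
            done.append(req)
        return done

    def _take_one(self):
        end = self.buf.find(b"\r\n\r\n")
        # Bound memory: a peer that never ends its headers must not grow the buffer.
        if end > MAX_HEAD or (end < 0 and len(self.buf) > MAX_HEAD):
            raise FramingError("header block too large")
        if end < 0:
            return None  # head still incomplete, wait for more bytes
        head = bytes(self.buf[:end])
        length = None
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            name, value = name.strip().lower(), value.strip()
            if name == b"transfer-encoding":
                raise FramingError("chunked bodies not supported here")
            if name == b"content-length":
                # Digits only, bounded length, bounded value.
                if not value.isdigit() or len(value) > 10 or int(value) > MAX_BODY:
                    raise FramingError("bad Content-Length")
                if length not in (None, int(value)):
                    raise FramingError("conflicting Content-Length")
                length = int(value)
        total = end + 4 + (length or 0)
        if len(self.buf) < total:
            return None  # body still incomplete
        body = bytes(self.buf[end + 4:total])
        del self.buf[:total]  # leftover bytes belong to the next request
        return head, body
```

A server would keep one `RequestFramer` per connection, call `feed()` after every `recv()`, and close the connection on `FramingError`.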
© Stack Overflow or respective owner