On 25/02/2011 20:16, Filip Hanik - Dev Lists wrote: > This looks like a CPU spinning handshake to me.
Opps. > The operation handshake(true, true); returns an IO interest to be > registered with a selector. > If the client is slow here or misbehaving, you could end up in a end > less loop, and hence we can have introduced a very simple DoS > vulnerability here. > > The simplest solution is, would be to use an individual selector. > Register the socket and issue a select() on the thread you are running on. > If you want to use a shared selector (like NIO does for reads and > writes) it requires a bit more logic. > > I understand where you are going with this solution, and I can probably > fix this today as I sit on the airplane on my way home. If you could, that would be great. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
