[whatwg] WebSockets: what to do when there are too many open connections
John Tamplin
jat at google.com
Thu May 13 10:35:03 PDT 2010
On Thu, May 13, 2010 at 1:19 PM, Perry Smith <pedzsan at gmail.com> wrote:
> >>> [[
> >>> Note: There is no limit to the number of established WebSocket
> connections
> >>> a user agent can have with a single remote host. Servers can refuse to
> >>> connect users with an excessive number of connections, or disconnect
> >>> resource-hogging users when suffering high load.
> >>> ]]
> >>>I don't think this is an area for the spec. The open must be allowed to
> fail if something goes wrong. The OS might reject it and the browser might
> reject it too. Aside from that, I don't think the spec should dictate what
> to do here.
>
> A nice UA, I think, would monitor a particular tab or browsing context for
> being out of control. This might be opening an infinite number of sockets
> or running infinite threads to bog the user's system down (or it might be
> because I forgot a semicolon :-). There are countless ways for nasty
> javascript to upset the user. A nice UA from a nice group would learn these
> new ways and adapt to them over time. When detected, the UA could ask the
> user if they want this mayhem to continue or not. I think rampant socket
> abuse is just one of countless places nasty javascript is going to exploit
> the user. I don't see how the spec can foresee all of them nor should a
> "complaint UA" be required to detect all of them.
>
I think simply saying that a user agent may restrict the number of
connections like the server might is sufficient. As written, it implies the
number is actually unlimited.
--
John A. Tamplin
Software Engineer (GWT), Google
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100513/f0b29d18/attachment-0002.htm>
More information about the whatwg
mailing list