summaryrefslogtreecommitdiff
path: root/src/websockets/qmaskgenerator.cpp
diff options
context:
space:
mode:
authorLiang Qi <liang.qi@theqtcompany.com>2016-04-08 23:44:07 +0200
committerLiang Qi <liang.qi@theqtcompany.com>2016-04-08 23:44:07 +0200
commit2baa571e0d95d3e9bf182dc035c8ff0970bb68ea (patch)
tree174e872c084319e19cd0ebd74915048d99c18c84 /src/websockets/qmaskgenerator.cpp
parent40c0c43f59b97e5bee4a8994a499800e1f46b8d1 (diff)
parent00156d63eea2fb7681a8a00a3144392d6325e5cb (diff)
downloadqtwebsockets-2baa571e0d95d3e9bf182dc035c8ff0970bb68ea.tar.gz
Merge remote-tracking branch 'origin/5.7' into dev
Change-Id: I8a2d6875b68c99786f99ec0dc380f8725c6abd42
Diffstat (limited to 'src/websockets/qmaskgenerator.cpp')
-rw-r--r--src/websockets/qmaskgenerator.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/websockets/qmaskgenerator.cpp b/src/websockets/qmaskgenerator.cpp
index 2c90c1e..064ada2 100644
--- a/src/websockets/qmaskgenerator.cpp
+++ b/src/websockets/qmaskgenerator.cpp
@@ -45,11 +45,11 @@
\brief The QMaskGenerator class provides an abstract base for custom 32-bit mask generators.
- The WebSockets specification as outlined in \l {http://tools.ietf.org/html/rfc6455}{RFC 6455}
+ The WebSockets specification as outlined in \l {RFC 6455}
requires that all communication from client to server be masked. This is to prevent
malicious scripts from attacking badly behaving proxies.
For more information about the importance of good masking,
- see \l {http://w2spconf.com/2011/papers/websocket.pdf}.
+ see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}.
By default QWebSocket uses the cryptographically insecure qrand() function.
The best measure against attacks mentioned in the document above,
is to use QWebSocket over a secure connection (\e wss://).