diff options
| author | Kurt Pattyn <pattyn.kurt@gmail.com> | 2014-02-12 15:17:58 +0100 |
|---|---|---|
| committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-02-15 14:40:02 +0100 |
| commit | 45eadd663ff22df46fadf03c45db7e058e71e476 (patch) | |
| tree | 896959f43e107cd446b3e948a295e0a7661d4f47 /src/websockets/qwebsocket.cpp | |
| parent | abb6912c11dc322718724eb11e70617d8428b6f5 (diff) | |
| download | qtwebsockets-45eadd663ff22df46fadf03c45db7e058e71e476.tar.gz | |
Add user configurable mask generation
Created a QMaskGenerator abstract base class to serve as a basis for
user specific mask generators. Added the possibility to override the
default mask generation in QWebSocket.
Change-Id: Iaa02b44193f854d103b5f352617789175fe61f89
Reviewed-by: Kurt Pattyn <pattyn.kurt@gmail.com>
Diffstat (limited to 'src/websockets/qwebsocket.cpp')
| -rw-r--r-- | src/websockets/qwebsocket.cpp | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/src/websockets/qwebsocket.cpp b/src/websockets/qwebsocket.cpp index 0a0c420..ca8ae08 100644 --- a/src/websockets/qwebsocket.cpp +++ b/src/websockets/qwebsocket.cpp @@ -57,7 +57,17 @@ \l {http://tools.ietf.org/html/rfc6455#page-39} {extensions} and \l {http://tools.ietf.org/html/rfc6455#page-12} {subprotocols}. - QWebSocket only supports version 13 of the WebSocket protocol, as outlined in RFC 6455. + QWebSocket only supports version 13 of the WebSocket protocol, as outlined in + \l {http://tools.ietf.org/html/rfc6455}{RFC 6455}. + + \warning To generate masks, this implementation of WebSockets uses the cryptographically + insecure qrand() function. + For more information about the importance of good masking, + see \l {http://w2spconf.com/2011/papers/websocket.pdf}. + The best measure against attacks mentioned in the document above, + is to use QWebSocket over a secure connection (\e wss://). + In general, always be careful to not have 3rd party script access to + a QWebSocket in your application. \sa QAbstractSocket, QTcpSocket @@ -621,6 +631,26 @@ void QWebSocket::setProxy(const QNetworkProxy &networkProxy) #endif /*! + Sets the generator to use for creating masks to \a maskGenerator. + The default QWebSocket generator can be reset by supplying a \e Q_NULLPTR. + The mask generator can be changed at any time, even while the connection is open. + */ +void QWebSocket::setMaskGenerator(const QMaskGenerator *maskGenerator) +{ + Q_D(QWebSocket); + d->setMaskGenerator(maskGenerator); +} + +/*! + Returns the mask generator that is currently used by this QWebSocket. + */ +const QMaskGenerator *QWebSocket::maskGenerator() const +{ + Q_D(const QWebSocket); + return d->maskGenerator(); +} + +/*! Returns the size in bytes of the readbuffer that is used by the socket. */ qint64 QWebSocket::readBufferSize() const |