summaryrefslogtreecommitdiff
path: root/src/websockets/qmaskgenerator.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/websockets/qmaskgenerator.cpp')
-rw-r--r--src/websockets/qmaskgenerator.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/websockets/qmaskgenerator.cpp b/src/websockets/qmaskgenerator.cpp
index 2c90c1e..064ada2 100644
--- a/src/websockets/qmaskgenerator.cpp
+++ b/src/websockets/qmaskgenerator.cpp
@@ -45,11 +45,11 @@
\brief The QMaskGenerator class provides an abstract base for custom 32-bit mask generators.
- The WebSockets specification as outlined in \l {http://tools.ietf.org/html/rfc6455}{RFC 6455}
+ The WebSockets specification as outlined in \l {RFC 6455}
requires that all communication from client to server be masked. This is to prevent
malicious scripts from attacking badly behaving proxies.
For more information about the importance of good masking,
- see \l {http://w2spconf.com/2011/papers/websocket.pdf}.
+ see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}.
By default QWebSocket uses the cryptographically insecure qrand() function.
The best measure against attacks mentioned in the document above,
is to use QWebSocket over a secure connection (\e wss://).