diff options
Diffstat (limited to 'src/websockets/qmaskgenerator.cpp')
-rw-r--r-- | src/websockets/qmaskgenerator.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/websockets/qmaskgenerator.cpp b/src/websockets/qmaskgenerator.cpp index cc53156..88baab6 100644 --- a/src/websockets/qmaskgenerator.cpp +++ b/src/websockets/qmaskgenerator.cpp @@ -39,11 +39,11 @@ \brief The QMaskGenerator class provides an abstract base for custom 32-bit mask generators. - The WebSockets specification as outlined in \l {http://tools.ietf.org/html/rfc6455}{RFC 6455} + The WebSockets specification as outlined in \l {RFC 6455} requires that all communication from client to server be masked. This is to prevent malicious scripts from attacking badly behaving proxies. For more information about the importance of good masking, - see \l {http://w2spconf.com/2011/papers/websocket.pdf}. + see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}. By default QWebSocket uses the cryptographically insecure qrand() function. The best measure against attacks mentioned in the document above, is to use QWebSocket over a secure connection (\e wss://). |