Re: [whatwg/streams] ReadableStreamBYOBReader.prototype.readFully(view) (#1143) from Claudia Meadows on 2021-11-23 (public-webapps-github@w3.org from November 2021)

From: Claudia Meadows <notifications@github.com>
Date: Tue, 23 Nov 2021 13:01:49 -0800
To: whatwg/streams <streams@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/streams/issues/1143/977165684@github.com>

Is this going to be accompanied with a timeout parameter or abort signal? Otherwise, I'm concerned about the possibility of a malicious actor spamming an endpoint with large but extremely low data rate requests (think: a single minimum-size TCP packet once per second) and forcing it to run out of memory. Of course, [intermediate proxies can largely mitigate this](https://www.cloudflare.com/learning/ddos/ddos-low-and-slow-attack/), but not every implementation can trust the source of their data, and this would be valuable for knocking out that vulnerability a bit easier.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/streams/issues/1143#issuecomment-977165684

Received on Tuesday, 23 November 2021 21:02:01 UTC