There is a potential problem with this module if a user enters multiple chat messages quickly.
This could potentially be mitigated with a mix of client-side (i.e. JavaScript) and server-side PHP checks before the message is sent (i.e. flood_is_allowed).
This issue was originally identified by ball.in.th and reported to the security team as a denial of service, but it was deemed to be no more serious than other ways that an authenticated user can create resource demands on a site.
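The server-side half of the mitigation described above, as an added example that is not part of the original issue or the module's code: a per-user sliding-window check that follows the allow rule of Drupal's flood_is_allowed() (allowed while fewer than the threshold of events fall inside the window). The class name ChatFloodGuard, the limit of 5 messages per 10 seconds, and the in-memory store are assumptions made so the snippet runs outside Drupal.

```php
<?php
// Added example, not the chatroom module's code. ChatFloodGuard and its
// limits are hypothetical; the store is in-memory so this runs stand-alone.
final class ChatFloodGuard
{
    /** @var array<string, float[]> event timestamps keyed by user id */
    private array $events = [];

    public function __construct(
        private int $threshold = 5,    // assumed: messages allowed per window
        private float $window = 10.0   // assumed: window length in seconds
    ) {}

    // Plays the role of flood_is_allowed(): prune expired events, then compare.
    public function isAllowed(string $uid, float $now): bool
    {
        $recent = array_filter(
            $this->events[$uid] ?? [],
            fn(float $t): bool => $t > $now - $this->window
        );
        $this->events[$uid] = array_values($recent);
        return count($recent) < $this->threshold;
    }

    // Plays the role of flood_register_event(): record an accepted message.
    public function register(string $uid, float $now): void
    {
        $this->events[$uid][] = $now;
    }

    // Server-side gate run before the message is stored or broadcast.
    public function submit(string $uid, float $now): bool
    {
        if (!$this->isAllowed($uid, $now)) {
            return false; // rejected: nothing is written, so rejects stay cheap
        }
        $this->register($uid, $now);
        return true;
    }
}

// Constructed input: user "u1" sends 8 messages 0.5 s apart, then one at 12 s.
$guard = new ChatFloodGuard();
$accepted = 0;
for ($i = 0; $i < 8; $i++) {
    $accepted += $guard->submit('u1', $i * 0.5) ? 1 : 0;
}
$late = $guard->submit('u1', 12.0);
printf("burst accepted: %d of 8, later: %s\n", $accepted, $late ? 'yes' : 'no');
```

Keying the counter on the authenticated user id rather than the client address matters here, since the issue concerns logged-in users; a client-side send delay only reduces accidental bursts and does not replace this check.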
Comments
Comment #1
Anonymous (not verified) commented
Comment #2
greggles
What more information do you want? Or is this just a way to say "you don't plan to work on it?" in which case "postponed" seems more appropriate.
Comment #3
Anonymous (not verified) commented
Yes, you are right, I don't plan to work on it.
Comment #4
greggles
Would you accept a patch for it if someone else wrote it?
Comment #5
Anonymous (not verified) commented
Absolutely, I'll reopen and see.
But it's a polling chatroom. It's going to suck at performance, unless you slow it down - there is no way around that trade-off.