There is a potential problem with this module if a user enters multiple chat messages quickly.

This could potentially be mitigated with a mix of client-side (i.e. JavaScript) and server-side PHP checks before the message is sent (i.e. flood_is_allowed).

This issue was originally identified by ball.in.th and reported to the security team as a denial of service, but it was deemed to be no more serious than other ways that an authenticated user can create resource demands on a site.
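
A sketch of the client-side half of the mitigation described above, as an added example that is not part of the original issue or the module's code: a sliding-window limiter that a chat form's submit handler could consult before posting. The function name, the limits and the injectable clock are assumptions; a client check only cuts accidental load, so the server-side flood_is_allowed check still has to enforce the limit.

```javascript
// Added example: sliding-window send limiter for a chat input.
// createSendLimiter, maxMessages and windowMs are hypothetical names and values.
function createSendLimiter({ maxMessages = 5, windowMs = 10000, now = Date.now } = {}) {
  const sent = []; // timestamps (ms) of messages accepted inside the current window

  return function trySend() {
    const t = now();
    // Drop timestamps that have aged out of the window.
    while (sent.length > 0 && t - sent[0] >= windowMs) {
      sent.shift();
    }
    if (sent.length >= maxMessages) {
      // The oldest accepted message decides when the next slot opens.
      return { allowed: false, retryAfterMs: windowMs - (t - sent[0]) };
    }
    sent.push(t);
    return { allowed: true, retryAfterMs: 0 };
  };
}

// Constructed demo: a burst of 7 sends at 100 ms intervals against a
// limit of 5 messages per 10 seconds, then one more send after the window.
function demoBurst() {
  let clock = 0;
  const trySend = createSendLimiter({ maxMessages: 5, windowMs: 10000, now: () => clock });
  const results = [];
  for (let i = 0; i < 7; i++) {
    results.push(trySend());
    clock += 100;
  }
  clock = 10000; // the first accepted message (t = 0) has now aged out
  results.push(trySend());
  return results;
}

console.log(demoBurst().map((r) => r.allowed));
```

A submit handler would call `trySend()` and, when `allowed` is false, keep the send button disabled for `retryAfterMs` instead of issuing the request.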

Comments

Anonymous

Status: Active » Postponed (maintainer needs more info)

greggles

What more information do you want? Or is this just a way to say "you don't plan to work on it?" in which case "postponed" seems more appropriate.

Anonymous

Status: Postponed (maintainer needs more info) » Closed (works as designed)

Yes, you are right, I don't plan to work on it.

greggles

Would you accept a patch for it if someone else wrote it?

Anonymous

Status: Closed (works as designed) » Active

Absolutely, I'll reopen and see.

But it's a polling chatroom. It's going to suck at performance unless you slow it down - there is no way around that trade-off.