irkerd: Replace 'password' global with local Connection.password

[irker.git] / security.txt

diff --git a/security.txt b/security.txt
index 4bee57750c9fe9ebc7713fbf4dbbad583794a151..e217720979ea47b9a70d1e22255a9b96635842c3 100644 (file)
--- a/security.txt
+++ b/security.txt
@@ -163,10 +163,6 @@ near resource limits.  An ordinary DoS attack would then be prevented
 from completely blocking all message traffic; the cost would be a
 whole lot of join/leave spam due to connection churn.
 
 from completely blocking all message traffic; the cost would be a
 whole lot of join/leave spam due to connection churn.
 

-We also use greenlets (Python coroutines imitating system threads)
-when they are available.  This reduces memory overhead due to
-threading substantially, making a thread-flooding DoS more dfficult.
-

 == Authentication/Integrity ==
 
 One way to help prevent DoS attacks would be in-band authentication -
 == Authentication/Integrity ==
 
 One way to help prevent DoS attacks would be in-band authentication -


@@ -184,7 +180,7 @@ for a godawful amount of code bloat.
 The deployment advice in the installation instructions assumes that 
 irkerd submitters are "authenticated" by being inside a firewall - that is,
 mesages are issued from an intranet and it can be trusted that anyone 
 The deployment advice in the installation instructions assumes that 
 irkerd submitters are "authenticated" by being inside a firewall - that is,
 mesages are issued from an intranet and it can be trusted that anyone 

-issuing messages from within a given intrenet is authorized to do so.
+issuing messages from within a given intranet is authorized to do so.

 This fits the assumption that irker instances will run on forge sites
 receiving requests from instances of irkerhook.py.
 
 This fits the assumption that irker instances will run on forge sites
 receiving requests from instances of irkerhook.py.