[Libevent-users] Re: [Libevent-users] Security question [was: Asynchronous writes…]

[Frank Schoep <frank@xxxxxxx>]

On 19 jan 2012, at 22:00, MigueL DíaZ wrote:
> …
> I'd second that idea. Unless you intend to use the same code/protocol you use for you inter-thread communication in a network environment, using evbuffer might be just an overkill.

Thanks for the tips, Nick and Miguel – they made me rethink my application's architecture. I will be implementing the application over the course of the next few weeks and I think everything will work out just fine.

There's an additional question I would like to ask. Sorry for the slightly OT, but I didn't want to start a new thread just for this one.

Could libevent potentially have security problems that would enable remote code execution or denial-of-service attacks due to its event and buffer handling? Although I'm not a fan of security-by-obscurity, would hiding the server's libevent version number and/or backend (poll etc.) improve security?

I can understand that any security issues in the underlying network and kernel stack will be exposed independent of the event loop mechanism, so I'm just asking about potential libevent bugs you could think of.

Thanks again for your time, I appreciate your replies.

With kind regards,

Frank

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.