1 /****************************************************************************
3 ** Copyright (C) 2014 Kurt Pattyn <pattyn.kurt@gmail.com>.
4 ** Contact: http://www.qt-project.org/legal
6 ** This file is part of the QtWebSockets module of the Qt Toolkit.
8 ** $QT_BEGIN_LICENSE:LGPL21$
9 ** Commercial License Usage
10 ** Licensees holding valid commercial Qt licenses may use this file in
11 ** accordance with the commercial license agreement provided with the
12 ** Software or, alternatively, in accordance with the terms contained in
13 ** a written agreement between you and Digia. For licensing terms and
14 ** conditions see http://qt.digia.com/licensing. For further information
15 ** use the contact form at http://qt.digia.com/contact-us.
17 ** GNU Lesser General Public License Usage
18 ** Alternatively, this file may be used under the terms of the GNU Lesser
19 ** General Public License version 2.1 or version 3 as published by the Free
20 ** Software Foundation and appearing in the file LICENSE.LGPLv21 and
21 ** LICENSE.LGPLv3 included in the packaging of this file. Please review the
22 ** following information to ensure the GNU Lesser General Public License
23 ** requirements will be met: https://www.gnu.org/licenses/lgpl.html and
24 ** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
26 ** In addition, as a special exception, Digia gives you certain additional
27 ** rights. These rights are described in the Digia Qt LGPL Exception
28 ** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
32 ****************************************************************************/
34 \class QDefaultMaskGenerator
36 \inmodule QtWebSockets
38 \brief The QDefaultMaskGenerator class provides the default mask generator for QtWebSockets.
40 The WebSockets specification as outlined in {http://tools.ietf.org/html/rfc6455}{RFC 6455}
41 requires that all communication from client to server must be masked. This is to prevent
42 malicious scripts to attack bad behaving proxies.
43 For more information about the importance of good masking,
44 see \l {http://w2spconf.com/2011/papers/websocket.pdf}.
45 The default mask generator uses the cryptographically insecure qrand() function.
46 The best measure against attacks mentioned in the document above,
47 is to use QWebSocket over a secure connection (\e wss://).
48 In general, always be careful to not have 3rd party script access to
49 a QWebSocket in your application.
54 #include "qdefaultmaskgenerator_p.h"
61 Constructs a new QDefaultMaskGenerator with the given \a parent.
65 QDefaultMaskGenerator::QDefaultMaskGenerator(QObject *parent) :
66 QMaskGenerator(parent)
71 Destroys the QDefaultMaskGenerator object.
75 QDefaultMaskGenerator::~QDefaultMaskGenerator()
80 Seeds the QDefaultMaskGenerator using qsrand().
81 When seed() is not called, no seed is used at all.
85 bool QDefaultMaskGenerator::seed() Q_DECL_NOEXCEPT
87 qsrand(static_cast<uint>(QDateTime::currentMSecsSinceEpoch()));
92 Generates a new random mask using the insecure qrand() method.
96 quint32 QDefaultMaskGenerator::nextMask() Q_DECL_NOEXCEPT
98 return quint32((double(qrand()) / RAND_MAX) * std::numeric_limits<quint32>::max());