New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
replace unsafe new Buffer() by Buffer.alloc() when decode and encode #106
Conversation
…ffer.alloc will never use buffer_pools, slower but safe
1 similar comment
|
@Runrioter When the buffer size is less than 4KB in default conf, Session data is sensitive. If someone or other middlewares reuse the buffer pool without That is why |
@sodawy Firstly, your understanding of
Finally, if there are bad software running in your server, |
In node benchmark,
Another test: const TIMES_K = 1024
const STR = 'eyJ2aWV3cyI6MSwiX2V4cGlyZSI6MTUxNTI1OTQwNzMxNSwiX21heEFnZSI6ODY0MDAwMDB9';
function byFrom(times, string) {
const start = Date.now();
for(let i = 0; i < times; i++){
Buffer.from(string, 'base64')
}
return (Date.now() - start)/times
}
function byAlloc(times, string) {
const start = Date.now();
for(let i = 0; i < times; i++){
Buffer.alloc(Buffer.byteLength(string, 'base64'), string, 'base64')
}
return (Date.now() - start)/times
}
console.log(`every alloc operation by Buffer.from: ${byFrom(TIMES_K, STR)}ms`); //
console.log(`every alloc operation by Buffer.alloc: ${byAlloc(TIMES_K, STR)}ms`);
/*
output
every alloc operation by Buffer.from: 0.00390625ms
every alloc operation by Buffer.alloc: 0.005859375ms
every buffer alloc, Buffer.alloc is shower than Buffer.from 0.002ms
*/ |
@sodawy oh sorry, not only performance, memory usage is also important when we meet high concurrence. |
@Runrioter Haha~ Never mind, I keep my opinion. |
@dead-horse |
@kroleg thanks~ |
new Buffer()
was deprecated and unsafe(expose the session to public buffer memory).Buffer.alloc
will never use buffer_pools, a little slower but safe.