by jonaf 3468 days ago
edit: see replies to my comment. I mistook the Hyper pull request being merged for being in the latest release, but it isn't.

Rocket uses Hyper for its HTTP server. So I checked to see if the Hyper HTTP server was really production-ready. Particularly, if it could handle async IO / solve the C10K problem[0]. It looks like Hyper implemented async IO[1], so it should be adequate for production use in this regard. This is great news for users of Rocket because it means you don't need a separate HTTP framework to run your web service, as you would with, say, Django + gunicorn.

Sure, it's a dependency, but in this case, having a production-ready HTTP server out of the box is really nice!

Having said that, is there any literature on Rocket/hyper for security? The production-ready HTTP server is great, but it also means it has to be prepared to deal with certain security issues, like listening on 0.0.0.0 and handling file uploads. You could put HAProxy/nginx/whatever in front of it, but I think Rust has the potential to supply / manage all of this within one unit and simplify the stack / attack surface area.

[0]: http://www.kegel.com/c10k.html

[1]: https://github.com/hyperium/hyper/pull/778

1 comments

Hyper is not yet async; the preliminary work in the PR you linked to is for a version which has not been pushed to crates.io and is not finished yet.
Hyper 0.9 is async. It does not use the futures/tokio ecosystem so its ergonomics are weak in places, particularly on the client side. I believe the tokio branch of hyper is basically complete and only waiting on tokio to release.