I would use TCPSafeReceive no matter what buffer size is used.

In my experience, the internet is much slower than a intranet, so you need to allow for that.
I found it beneficial to have a parameter you can change that sets the buffer size. You're program may have a default size or even a size that is limiting, such as a small or large size.
If you're buffer is too large for a particular connection or even too small, it can run up your cpu usage, and bring your computer along with other computers connected nearby to a very slow pace.
Dependability is much more better than speed(trying to get every ounce of performance).
What i learned was to use smaller buffers then move up in size later after you have everything working. On windows 2000 systems, i have found out to get the performance up, you use a tool such as Drtcp to adjust your Rwin and MTU.

With a way in your program to alter(tweak) the buffer size, you can make adjustments later, without rewriting your program to suit whatever equipment is being used. You also never know when a dialup modem will have to be used, which means smaller buffers are usually better.

I inserted some SLEEP commands into some of my tcp programs too.
Most of all my programs are somewhere here on the forum.
If my memory servers me right, i believe as i approached a buffer size of 5000 bytes, i had lost connections over the internet, but the intranet was ok, but for large transfers, your network infastructure for 100mbps connections are probably going to suffer.

One one of my backup programs that transfers data over the internet to a remote site brings other computers to their knees if they too are accessing the internet at the same time, if i set the buffer to high.
I would say start with something like 1400 if you want to go over 1024.
I believe the buffer is mostly set on the client side. You can place the number of bytes in the first few characters of the string being sent too.
I like to have some kind of authentication string on the first packet sent/received if i am writing the client and server.
I am only a novice though so keep that in mind too.

unfortuanately any implementation that requires a buffer to be full like the tcpsafereceive is prone to problems. If a user gets in all they have to do is send a single character at certain intervals to cause a ADOS attack. When the time out period has been determined (lets say 30 seconds) then a hacker can send a character every 29 seconds if the buffer is 65K in length then thats like 523 hours.. if the attack is distributed then the hacker can open 10,000 connections and drive legitimate traffic to the TCP Server into the ground. The only reasonable way to do this is to do character based timeouts. get one char at a time and timeout after fewer seconds..

Security check after TCP RECV or TcpSafeReceive

Why wouldn't other receive routines also be prone to problems?
Added a timeout counter.

TcpSafeReceive does not need to be changed in my opinion.
Add security after each receive.
This also assumed someone could get past any up front security.

Simulating reads in this functional example.
Please bring up more security concerns or start another thread.

Most receiver implementations are prone to this problem.

Sorry.. in the example code I dont see anything that makes me believe it is secure.


I deal with security all the time and the first rule is:
"Never assume the person that is there is the one that is supposed to be there"

if the server is availble on the net..then it is available. The biggest risk this year to security is the massive layoffs in the high tech sector.