Hey guys,

I've been ordered to program a Qt server that can handle multiple clients (~500 and up) at the same time. It's being used for bi-directional sending of strings to a subset of the connected clients (which depends on the type of message being sent).
I've looked around and came to the conclusion that a single-threaded asynchronous socket server is the way to go since resources are limited. I found an article in the wiki
( http://www.qtcentre.org/wiki/index.p...hout_threading ) that explains the basic setup of it. At the end, however, it states that such a server does not contain any security features.

Now my question is: What are the basic security features a public server (did I mention that anybody will be able to register and log in to the service the server will provide?) should have?

So far I can only come up with the obvious:
- Only transferring critical user data in a hashed form
- Implement somewhat of a DDoS prevention that locks out certain IPs
- Clean up incoming strings right after reading them from a client and vice versa

Any other thoughts on things I have missed? I have a feeling that I'm missing something big.

Any help is very much appreciated.

Thank you
Alex