----- Original Message -----
From: Jeff K. Hoffman <jeff.hoffman@goingv.com>
One of my developers just wrote a Python Method containing:
while 1: print "Foo."
and it happily rendered, tying up that thread indefinitely. Is this supposed to succeed? I thought Python Methods were "safe"?

PythonMethods are "safe" in the sense that they should not allow access to or alteration of Zope objects and data without correct permissions. They are *not* "safe" in the sense of preventing deliberate (or accidental) denial of service.

While it would be possible for PMs to detect and halt infinite (or at least very long) loops, this would really only help with accidental cases, and would be fairly expensive. There are so many ways to arrange for a DoS attack, most of them not fixable by the PM machinery, that I've punted on this.

What would be really nice is Python machinery to assign space/time limits to a thread, so that *any* request mechanism which started consuming "too much" of your process' resources could be dealt with uniformly.

Cheers,
Evan @ 4-am & digicool
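
Added example, not part of the original thread and not Zope or PythonMethod code: a sketch of the in-interpreter loop detection the reply describes, using CPython's `sys.settrace` to count executed lines and abort a script once it passes a budget. The names `run_with_line_budget` and `BudgetExceeded`, the budget values and the minimal namespace are assumptions made for illustration.

```python
import sys


class BudgetExceeded(Exception):
    """The traced script executed more lines than its budget allows."""


def run_with_line_budget(source, max_lines=100_000):
    """Run `source`, aborting once it has executed `max_lines` lines.

    Hypothetical helper (not a Zope API). Returns (namespace, lines_used).
    """
    used = 0

    def tracer(frame, event, arg):
        nonlocal used
        if event == "line":
            used += 1
            if used > max_lines:
                raise BudgetExceeded(f"over {max_lines} lines executed")
        return tracer  # keep tracing this frame and any frames it calls

    # Constructed minimal namespace; a real sandbox needs far more than this.
    namespace = {"__builtins__": {"range": range, "len": len}}
    code = compile(source, "<script>", "exec")
    previous = sys.gettrace()
    sys.settrace(tracer)  # the per-line callback is the "fairly expensive" part
    try:
        exec(code, namespace)
    finally:
        sys.settrace(previous)
    return namespace, used


if __name__ == "__main__":
    # Constructed inputs: a bounded loop, and the thread's loop without output.
    ns, used = run_with_line_budget("t = 0\nfor i in range(10):\n    t += i")
    print("finished:", ns["t"], "after", used, "traced lines")
    try:
        run_with_line_budget("n = 0\nwhile 1:\n    n += 1", max_lines=5_000)
    except BudgetExceeded as exc:
        print("halted:", exc)
```

The counter only sees Python-level lines: one long-running call into C code produces a single line event, and the budget does nothing for memory, so it covers the accidental loop and not the general per-thread space/time limit the reply asks for.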