On Sun, Jan 19, 2003 at 09:13:12PM +0100, Tue Wennerberg wrote:
Well, I vaguely remember having participated in a discussion about that also, and I believe I chipped in an example like:
    for a in range(0,1000):
        for b in range(0,1000):
            for c in range(0,1000):
... you get the picture.
Thus demonstrating that a malicious scripter could always cause a DOS.
Malicious script writer don't need no stinkin' loop:

    999999999999999L ** 999999999999999L

That will keep Zope completely busy for a nice long while*; due to the way the Global Interpreter Lock works, no other threads will get to run at all as long as this computation is running, because it's only one instruction and the lock can't be released to another thread in the middle of an instruction.

Put that in a script, and as soon as someone visits the script, zope is hung until it finishes. Yes, I've tried it.

* I don't know how long this will hang for ... I tried it, but got bored of waiting for it to finish so I killed it. Even 99999L ** 99999L takes longer than I care to wait for.

--
Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's ANNOYING RHINOCEROUS CLOWN!
(courtesy of isometric.spaceninja.com)
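An added example, not part of the original thread and not Zope's own code: one way a script host can refuse the single-instruction power described above before the interpreter starts it, by rewriting `**` into a call that bounds the result size first. The names guarded_pow, GuardPow, run_guarded and the MAX_RESULT_BITS limit are hypothetical, the code is Python 3 (no L suffix), and it assumes the surrounding sandbox already blocks underscore-prefixed names and attribute tricks; it covers only the power operator.

```python
import ast

MAX_RESULT_BITS = 1_000_000  # assumed policy limit, not a Zope setting

class PowTooLarge(ValueError):
    """Raised instead of starting a power that would be too big."""

def guarded_pow(base, exp, mod=None):
    """Stand-in for ** and pow() that bounds the size of integer results."""
    if mod is not None:
        return pow(base, exp, mod)  # modular form keeps intermediates small
    if isinstance(base, int) and isinstance(exp, int) and exp > 1 and abs(base) > 1:
        # |base| < 2**bit_length, so the result needs at most
        # bit_length * exp bits; check before any work is done.
        bits = base.bit_length() * exp
        if bits > MAX_RESULT_BITS:
            raise PowTooLarge("result would need about %d bits" % bits)
    return base ** exp

class GuardPow(ast.NodeTransformer):
    """Rewrite every `a ** b` in a script into `_guarded_pow(a, b)`."""
    def visit_BinOp(self, node):
        self.generic_visit(node)  # rewrite nested powers first
        if not isinstance(node.op, ast.Pow):
            return node
        call = ast.Call(func=ast.Name(id="_guarded_pow", ctx=ast.Load()),
                        args=[node.left, node.right], keywords=[])
        return ast.copy_location(call, node)

    def visit_AugAssign(self, node):
        if isinstance(node.op, ast.Pow):
            raise SyntaxError("'**=' is not allowed in guarded scripts")
        return self.generic_visit(node)

def run_guarded(source):
    """Compile and run script text with ** and pow() guarded (hypothetical host)."""
    tree = GuardPow().visit(ast.parse(source, mode="exec"))
    ast.fix_missing_locations(tree)
    env = {"__builtins__": {"pow": guarded_pow}, "_guarded_pow": guarded_pow}
    exec(compile(tree, "<guarded-script>", "exec"), env)
    return env

if __name__ == "__main__":
    print(run_guarded("x = 3 ** 4")["x"])
    for expr in ("999999999999999 ** 999999999999999", "99999 ** 99999"):
        try:
            run_guarded("x = " + expr)
        except PowTooLarge as err:
            print(expr, "refused:", err)
```

Both expressions from the message are refused immediately, while ordinary powers still evaluate.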