16 Apr
2001
16 Apr
'01
11:01 p.m.
From: "Chris Withers" <chrisw@nipltd.com>
What could be insecure abotu turning a string into a list of characters?!
Gnff. It's like this, see... If you could turn a string into a list, that would give you an easy way to generate really long lists, and then you could loop over the really long list, and burn up memory and CPU time, DOSing yourself. Honest. Yes, I know. It is. All of the machinery that guards against foolish or malicious wasting of CPU and memory should really be optional. There ought to be an environment variable, off by default (everybody out there who lets untrusted users write DTML, raise your hand!), for these particular "security" measures. I'll see what I can do. Cheers, Evan @ digicool