Re: [Zope] Regular expressions insecurity?
Toby Dickenson wrote:
On Friday 17 January 2003 12:11 pm, Tue Wennerberg wrote:
Hi
Could someone please explain to me why regular expressions have been deemed insecure in ZMI development?
Check the list archives. this is a FAQ.
I've searched. Still no answer. I pretty much knew it was a FAQ (should have mentioned that). It came up on our local user group list twice this week. But.. I've googled, I've searched Zope.org and I've checked the archives for this mailing list, but never found an actual explanation. I know how to get around the problem (use external method or allow 're' library). What I want to know is, what specific parts of regular expressions are insecure? I want to be able to convince people that it's actually a good thing that they're not allowed. -- Mvh. Tue Wennerberg Civilingeniør og Freelance Udvikler http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735 -- Mvh. Tue Wennerberg Civilingeniør og Freelance Udvikler http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735
On Fri, Jan 17, 2003 at 02:04:57PM +0100, Tue Wennerberg wrote:
I pretty much knew it was a FAQ (should have mentioned that). It came up on our local user group list twice this week. But.. I've googled, I've searched Zope.org and I've checked the archives for this mailing list, but never found an actual explanation.
http://zope.nipltd.com/public/lists/zope-archive.nsf/ByKey/B2A709748C869DA5 Basic summary: easy denial of service possibility if you have untrusted users. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
participants (2)
-
Mike Renfro -
Tue Wennerberg