Re: [Zope] Re Re: Regular expressions insecurity? - Zope - Zope lists

newer
simple counter?

Re: [Zope] Re Re: Regular expressions insecurity?

older
Emacs, TRAMP, and frustration

Dennis Allison

19 Jan 2003 19 Jan '03

5:54 a.m.

According to an earlier post, re is not available n Python Scripts because they can be the source of a DOS attack. In my systems, I've decided that such attacks are an acceptable risk. I have enable re for Python Scripts in my system(s). Apparently this is a common practice. Follow the instructions in the PythonScript sources. Of course, you need source code access.

Reply

Sign in to reply online Use email software

Show replies by date

Tue Wennerberg

19 Jan 19 Jan

5:11 p.m.

New subject: [Zope] Re Re: Regular expressions insecurity?

Dennis Allison wrote:

According to an earlier post, re is not available n Python Scripts because they can be the source of a DOS attack.

Yes, I hear that, but I'm not convinced. What exactly can regular expressions do, that Python scripts can't?

In my systems, I've decided that such attacks are an acceptable risk. I have enable re for Python Scripts in my system(s). Apparently this is a common practice. Follow the instructions in the PythonScript sources. Of course, you need source code access.

Many people will be be willing to accept that risk. But noone really knows if they're taking a risk of being further compromised, since the implications are not described anywhere (or maybe they are, and I simply haven't found it). -- Mvh. Tue Wennerberg Civilingeniør og Freelance Udvikler http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735

Reply

Sign in to reply online Use email software

8478

Age (days ago)

8478

Last active (days ago)

1 comments

2 participants

tags

participants (2)

Dennis Allison
Tue Wennerberg