[Zope-dev] Python Method infinite loop?
Evan Simpson
evan@4-am.com
Fri, 10 Mar 2000 01:38:11 -0500
----- Original Message -----
From: Jeff K. Hoffman <jeff.hoffman@goingv.com>
> One of my developers just wrote a Python Method containing:
>
> while 1:
> print "Foo."
>
> and it happily rendered, tying up that thread indefinitely. Is this
> supposed to succeed? I thought Python Methods were "safe"?
PythonMethods are "safe" in the sense that they should not allow access to
or alteration of Zope objects and data without correct permissions.
They are *not* "safe" in the sense of preventing deliberate (or accidental)
denial of service. While it would be possible for PMs to detect and halt
infinite (or at least very long) loops, this would really only help with
accidental cases, and would be fairly expensive. There are so many ways to
arrange for a DoS attack, most of them not fixable by the PM machinery, that
I've punted on this.
What would be really nice is Python machinery to assign space/time limits to
a thread, so that *any* request mechanism which started consuming "too much"
of your process' resources could be dealt with uniformly.
Cheers,
Evan @ 4-am & digicool