[Zope] Python Script Problem

Evan Simpson evan@4-am.com
Mon, 16 Apr 2001 19:01:44 -0400


From: "Chris Withers" <chrisw@nipltd.com>
> What could be insecure abotu turning a string into a list of characters?!

Gnff.  It's like this, see... If you could turn a string into a list, that
would give you an easy way to generate really long lists, and then you could
loop over the really long list, and burn up memory and CPU time, DOSing
yourself.

Honest.

Yes, I know.  It is.

All of the machinery that guards against foolish or malicious wasting of CPU
and memory should really be optional.  There ought to be an environment
variable, off by default (everybody out there who lets untrusted users write
DTML, raise your hand!), for these particular "security" measures.

I'll see what I can do.

Cheers,

Evan @ digicool