[Zope] Regular expressions insecurity?
Tue Wennerberg
tue@wennerberg.dk
Fri, 17 Jan 2003 15:36:25 +0100
Mike Renfro wrote:
> On Fri, Jan 17, 2003 at 02:04:57PM +0100, Tue Wennerberg wrote:
>
>> I pretty much knew it was a FAQ (should have mentioned that). It
>> came up on our local user group list twice this week. But.. I've
>> googled, I've searched Zope.org and I've checked the archives for
>> this mailing list, but never found an actual explanation.
>
> http://zope.nipltd.com/public/lists/zope-archive.nsf/ByKey/B2A709748C869DA5
>
> Basic summary: easy denial of service possibility if you have
> untrusted users.

Thank you very much. I did read that mail, but apparently not thoroughly
enough.

But... if it's only a question of denial of service, how are regular
expressions any different from Python scripts? Surely, a site developer
can simply make an infinite loop in his Python script.

On that basis, I claim that either regular expressions should be
allowed, or Python scripts should be banned! What am I missing?

--
Best regards, Tue Wennerberg
M.Sc. in Engineering and Freelance Developer
http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735