Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: embedding a safe unescapable mini perl interpreter?

by TJPride (Pilgrim)
on Dec 30, 2011 at 16:14 UTC ( [id://945654]=note: print w/replies, xml ) Need Help??


in reply to embedding a safe unescapable mini perl interpreter?

You do realize that even if you "safe" this, someone can easily DOS you using the right formulas? It would take me only a few minutes to write a script to do that. Allowing users ANY sort of free-form scripting is a bad idea.
  • Comment on Re: embedding a safe unescapable mini perl interpreter?

Replies are listed 'Best First'.
Re^2: embedding a safe unescapable mini perl interpreter?
by cavac (Parson) on Dec 30, 2011 at 18:27 UTC

    You do realize that even if you "safe" this, someone can easily DOS you using the right formulas?

    In my opinion, the scope of the problem depends on your environment. Using such a thing on the public internet would be a bad idea.

    If you have such a tool in your companies intranet (preferably only accessible via some form of authentification), the DOS problem is probably non-existent or at most a one-off thing (e.g. something that can be taken care of permanently by calling the human resources department).

    BREW /very/strong/coffee HTTP/1.1
    Host: goodmorning.example.com
    
    418 I'm a teapot
Re^2: embedding a safe unescapable mini perl interpreter?
by Anonymous Monk on Dec 31, 2011 at 07:36 UTC
    This is what throttling is for, and virtual machiines

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://945654]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others rifling through the Monastery: (3)
As of 2024-03-30 07:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found