PerlMonks  

Re: Site Search perlscript and security

by szbalint (Friar)
on Nov 29, 2005 at 16:52 UTC (#512702)


in reply to Site Search perlscript and security

To be totally honest with you, I wouldn't allow users to use full-blown regexp search (even if they don't know explicitly about it) because it's overkill in my opinion.

One of the other concerns could be sending the regexp engine into a never-ending loop with a malicious regexp. It can be done; that's an attack vector for a (D)DoS.

Re^2: Site Search perlscript and security
by Your Mother (Bishop) on Nov 30, 2005 at 07:45 UTC

    Agree. And it's not just the malicious. Someone earnestly attempting to write a useful regular expression can unintentionally or accidentally write one that will tie up that server process as long as it's allowed to run/live.
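An added example, not code from the thread: one way to follow the advice above is to treat the user's query as literal text, so no user-supplied quantifier or group ever reaches the regex engine. The limits, function names and sample documents are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed limits for this example; tune them for the real site.
use constant MAX_QUERY_LEN => 100;
use constant MAX_TERMS     => 5;

# Turn raw user input into compiled, literal-only patterns.
# Returns an empty list when the query is missing, too long or has too many terms.
sub literal_patterns {
    my ($query) = @_;
    return () unless defined($query) && length($query) <= MAX_QUERY_LEN;
    my @terms = grep { length } split /\s+/, $query;
    return () if !@terms || @terms > MAX_TERMS;
    # \Q...\E (quotemeta) escapes every metacharacter, so the input
    # cannot add quantifiers, groups or alternations to the pattern.
    return map { qr/\Q$_\E/i } @terms;
}

# A document matches when every term occurs in it (AND search).
sub search_docs {
    my ($query, $docs) = @_;
    my @pats = literal_patterns($query) or return ();
    my @hits;
    DOC: for my $name (sort keys %$docs) {
        for my $pat (@pats) {
            next DOC unless $docs->{$name} =~ $pat;
        }
        push @hits, $name;
    }
    return @hits;
}

# Constructed sample data, not taken from the original thread.
my %docs = (
    'cpp.html'   => 'Notes on C++ (beta) bindings for Perl',
    'index.html' => 'Welcome to the site search demo',
    'perl.html'  => 'Perl site search with quotemeta',
);

# 'c++ (beta)' and '.*' would be live regex syntax if used unescaped.
for my $q ('site search', 'c++ (beta)', '.*', 'x' x 500) {
    my @hits = search_docs($q, \%docs);
    printf "%-14.14s => %s\n", $q, @hits ? "@hits" : '(no match or rejected)';
}
```

Because every term is escaped, a query such as `c++ (beta)` finds the page that contains that text instead of being compiled as a pattern, and the over-long query is rejected before any matching is attempted.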
