PerlMonks  

Re: Site Search perlscript and security

by szbalint (Friar)
on Nov 29, 2005 at 16:52 UTC (#512702)


in reply to Site Search perlscript and security

To be totally honest with you, I wouldn't allow users to use full-blown regexp search (even if they don't know explicitly about it) because it's overkill in my opinion.

One of the other concerns could be sending the regexp engine into a never-ending loop with a malicious regexp; it can be done, and that's an attack vector for a (D)DoS.

Re^2: Site Search perlscript and security
by Your Mother (Bishop) on Nov 30, 2005 at 07:45 UTC

    Agree. And it's not just the malicious. Someone earnestly attempting to write a useful regular expression can unintentionally or accidentally write one that will tie up that server process as long as it's allowed to run/live.
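One way to act on the advice in this thread, as an added example that is not code from either poster or from the original search script: treat the query as plain words, escape each with `quotemeta` so the regexp engine only ever sees fixed strings, and cap the query size. The limits, function names and sample documents are assumptions made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed limits for this sketch; tune for the real site.
my $MAX_QUERY_LEN = 100;
my $MAX_TERMS     = 8;

# Turn raw user input into a list of compiled, literal-only patterns.
# Returns an empty list if the query is unusable.
sub compile_query {
    my ($raw) = @_;
    return unless defined $raw && length $raw && length($raw) <= $MAX_QUERY_LEN;

    my @terms = grep { length } split /\s+/, $raw;
    return if !@terms || @terms > $MAX_TERMS;

    # quotemeta escapes every regex metacharacter, so the user cannot
    # supply quantifiers, groups or backreferences of their own.
    return map { my $lit = quotemeta $_; qr/$lit/i } @terms;
}

# A document matches when it contains every term (AND search).
sub search {
    my ($raw, $docs) = @_;
    my @patterns = compile_query($raw) or return;
    my @hits;
    for my $name (sort keys %$docs) {
        my $text    = $docs->{$name};
        my $matched = grep { $text =~ $_ } @patterns;
        push @hits, $name if $matched == @patterns;
    }
    return @hits;
}

# Constructed sample documents.
my %docs = (
    'faq.html'   => 'How much does shipping cost? (a+b) pricing explained.',
    'about.html' => 'About our company and shipping partners.',
);

# Plain words, metacharacter-laden input, and an over-long query.
for my $q ('shipping', 'cost?', '(a+b)', '.*', 'x' x 500) {
    my @hits = search($q, \%docs);
    printf "%-12s => %s\n", substr($q, 0, 10), @hits ? "@hits" : '(no results)';
}
```

Because every term is a fixed string, match time grows with document size rather than with anything the user can express in the pattern, which covers both the malicious and the accidental case raised above.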
