in reply to Site Search perlscript and security

To be totally honest with you, I wouldn't allow users to use full-blown regexp search (even if they don't know explicitly about it) because it's overkill in my opinion.

One of the other concerns could be sending the regexp engine into a never-ending loop with a malicious regexp. It can be done; that's an attack vector for a (D)DoS.

Re^2: Site Search perlscript and security
by Your Mother (Archbishop) on Nov 30, 2005 at 07:45 UTC

    Agree. And it's not just the malicious. Someone earnestly attempting to write a useful regular expression can unintentionally or accidentally write one that will tie up that server process as long as it's allowed to run/live.
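
An added example, not code from either poster or from the original script: one way a Perl site search can treat user input as literal words instead of a regexp, and cap how long a match may hold the server process. The function names, limits and sample pages are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(SIGALRM);

# Hypothetical limits for this sketch; tune them for the real site.
my $MAX_QUERY_LEN = 100;
my $MAX_TERMS     = 5;
my $MATCH_TIMEOUT = 2;    # seconds

# Turn raw user input into a pattern that matches only literal words.
sub build_literal_pattern {
    my ($query) = @_;
    return unless defined $query && length $query;
    return if length($query) > $MAX_QUERY_LEN;
    my @terms = grep { length $_ } split /\s+/, $query;
    return if !@terms || @terms > $MAX_TERMS;
    # quotemeta escapes every metacharacter, so "(a+)+$" is plain text.
    my $alt = join '|', map { quotemeta $_ } @terms;
    return qr/(?:$alt)/i;
}

# Run the match under a hard time limit. POSIX::sigaction installs an
# immediate handler; a plain $SIG{ALRM} handler is deferred until the
# current op ends, so it cannot interrupt a regexp match in progress.
sub search_lines {
    my ($pattern, @lines) = @_;
    my @hits;
    my $old = POSIX::SigAction->new;
    my $new = POSIX::SigAction->new(sub { die "search timed out\n" });
    POSIX::sigaction(SIGALRM, $new, $old);
    my $ok = eval {
        alarm $MATCH_TIMEOUT;
        @hits = grep { $_ =~ $pattern } @lines;
        alarm 0;
        1;
    };
    alarm 0;                            # clear the timer on every path
    POSIX::sigaction(SIGALRM, $old);    # restore the previous handler
    die $@ unless $ok;
    return @hits;
}

# Constructed sample data, not taken from the thread.
my @pages = ('Perl regex tutorial', 'Search notes on (a+)+$', 'aaaaaaaaaaaaaaaaaaaa!');
for my $q ('regex', '(a+)+$', 'x' x 500) {
    my $re = build_literal_pattern($q);
    if (!$re) { print "query rejected\n"; next }
    printf "%s => %s\n", $q, join(' | ', search_lines($re, @pages));
}
```

With literal-only patterns the timeout should never fire; it is there as a backstop for the case both posts describe, where a pattern, malicious or not, would otherwise run for as long as the process is allowed to live.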