Re: Denial of Service Attacks

Subject: Re: Denial of Service Attacks
From: gtn@xxxxxxxxxxxx (Gavin Nicol)
Date: Mon, 19 May 1997 15:04:40 -0400
>>#1. Denial of Service Attacks: DSSSL scripts can go into infinite loops.
>>That could hang your computer in a bad implementation or slow it down in
>>a good one. This is one more hassle for browser vendors to worry about.
>>They've already got security problems up the wazoo. (so maybe they don't
>>mind another one? :) )
>
>This is an interesting point.  One solution might be for browsers to provide
>a configurable timeout for processing each node (I seem to remember
>PostScript printers have something like this).  Don't browser vendors
>already have basicallly the same problem with HTML scripting?

HTML scripting does already have this problem. However, given the
functional nature of DSSSL, shoudln't it be possible to statically
analyse the specification?


 DSSSList info and archive:  http://www.mulberrytech.com/dsssl/dssslist


Current Thread