Subject: Re: Denial of Service Attacks From: gtn@xxxxxxxxxxxx (Gavin Nicol) Date: Mon, 19 May 1997 15:04:40 -0400 |
>>#1. Denial of Service Attacks: DSSSL scripts can go into infinite loops. >>That could hang your computer in a bad implementation or slow it down in >>a good one. This is one more hassle for browser vendors to worry about. >>They've already got security problems up the wazoo. (so maybe they don't >>mind another one? :) ) > >This is an interesting point. One solution might be for browsers to provide >a configurable timeout for processing each node (I seem to remember >PostScript printers have something like this). Don't browser vendors >already have basicallly the same problem with HTML scripting? HTML scripting does already have this problem. However, given the functional nature of DSSSL, shoudln't it be possible to statically analyse the specification? DSSSList info and archive: http://www.mulberrytech.com/dsssl/dssslist
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Programmable or declarative stylesh, Paul Prescod | Thread | Re: Denial of Service Attacks, Paul Prescod |
Re: SGML/XML syntax for DSSSL, Gavin Nicol | Date | Re: Programmable or declarative st, lee |
Month |