<-prev [Thread] next-> <-prev [Date] next->
Month Index | List Home

Re: Fw: Signing of XSL scripts

Subject: Re: Fw: Signing of XSL scripts
From: Paul Prescod <papresco@xxxxxxxxxxxxxxxx>
Date: Fri, 29 May 1998 09:59:07 -0400
Gavin Nicol wrote:
> 
> Even authentication isn't enough. Having an arbitrary scripting language
> opens you to denial of serive attacks, and other such things. 

An infinitely looping JavaScript program in a web page does not hang the
computer, it only hangs the browser. You just kill the browser and start
again. I suppose you can call this "denial of service" since you are
denied from using the browser session you were using before, but that is
quite a trivial service denial. With multithreading, you don't even need
to allow that. The "stop" button could kill the XSL thread, just as it
kills the download thread if some idiot tries to trick you into
downloading his memory image as an image.

> What is needed is some way for the XSL processor to be able
> to "prove" correctness.

Sounds like the halting problem to me. We can't accomplish that and we
don't need it. What we need is reliable software with functional "stop"
buttons.

 Paul Prescod  - http://itrc.uwaterloo.ca/~papresco

Three things never trust in: That's the vendor's final bill
The promises your boss makes, and the customer's good will 
http://www.geezjan.org/humor/computers/threes.html


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
Current Thread
<- PreviousIndexNext ->
RE: Fw: Signing of XSL scripts, John Dreystadt Thread Re: Fw: Signing of XSL scripts, Paul Prescod
RE: Fw: Signing of XSL scripts, John Dreystadt Date Re: Fw: Signing of XSL scripts, Paul Prescod
Month