Subject: Re: Fw: Signing of XSL scripts From: Paul Prescod <papresco@xxxxxxxxxxxxxxxx> Date: Fri, 29 May 1998 09:59:07 -0400 |
Gavin Nicol wrote: > > Even authentication isn't enough. Having an arbitrary scripting language > opens you to denial of serive attacks, and other such things. An infinitely looping JavaScript program in a web page does not hang the computer, it only hangs the browser. You just kill the browser and start again. I suppose you can call this "denial of service" since you are denied from using the browser session you were using before, but that is quite a trivial service denial. With multithreading, you don't even need to allow that. The "stop" button could kill the XSL thread, just as it kills the download thread if some idiot tries to trick you into downloading his memory image as an image. > What is needed is some way for the XSL processor to be able > to "prove" correctness. Sounds like the halting problem to me. We can't accomplish that and we don't need it. What we need is reliable software with functional "stop" buttons. Paul Prescod - http://itrc.uwaterloo.ca/~papresco Three things never trust in: That's the vendor's final bill The promises your boss makes, and the customer's good will http://www.geezjan.org/humor/computers/threes.html XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
RE: Fw: Signing of XSL scripts, John Dreystadt | Thread | Re: Fw: Signing of XSL scripts, Paul Prescod |
RE: Fw: Signing of XSL scripts, John Dreystadt | Date | Re: Fw: Signing of XSL scripts, Paul Prescod |
Month |