It looks to me the Nova API will be dangerous source of DoS attacks due to the regexp?
On Mon, Apr 28, 2014 at 7:04 PM, Duncan Thomas <duncan.tho...@gmail.com>wrote: > Regex matching in APIs can be a dangerous source of DoS attacks - see > http://en.wikipedia.org/wiki/ReDoS. Unless this is mitigated sensibly, > I will continue to resist any cinder patch that adds them. > > Glob matches might be safer? > > On 26 April 2014 05:02, Zhangleiqiang (Trump) <zhangleiqi...@huawei.com> > wrote: > > Hi, all: > > > > I see Nova allows search instances by name, ip and ip6 fields > which can be normal string and regular expression: > > > > [stack@leiqzhang-stack cinder]$ nova help list > > > > List active servers. > > > > Optional arguments: > > --ip <ip-regexp> Search with regular expression > match by IP address > > (Admin only). > > --ip6 <ip6-regexp> Search with regular expression > match by IPv6 address > > (Admin only). > > --name <name-regexp> Search with regular expression > match by name > > --instance-name <name-regexp> Search with regular > expression match by server name > > (Admin only). > > > > I think it is also needed for Cinder when query the > volume/snapshot/backup by name. Any advice? > > > > ---------- > > zhangleiqiang (Trump) > > > > Best Regards > > > > > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > -- > Duncan Thomas > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
