On 04/29/2014 03:34 PM, Steven Kaufer wrote:
Jay Pipes jaypi...@gmail.com wrote on 04/29/2014 02:26:42 PM:
From: Jay Pipes jaypi...@gmail.com
To: openstack-dev@lists.openstack.org,
Date: 04/29/2014 02:27 PM
Subject: Re: [openstack-dev] [Cinder] cinder not support query volume/snapshot with regular expression
It looks to me like the Nova API will be a dangerous source of DoS attacks due to the regexp?
On Mon, Apr 28, 2014 at 7:04 PM, Duncan Thomas
duncan.tho
...
Best,
-jay
zhangleiqiang (Trump)
Best Regards
*From:* laserjetyang [mailto:laserjety...@gmail.com]
*Sent:* Tuesday, April 29, 2014 1:49 PM
*To:* OpenStack Development Mailing List (not for usage questions)
*Subject:* Re: [openstack-dev] [Cinder] cinder not support query
volume/snapshot
On 04/29/2014 02:16 AM
Regex matching in APIs can be a dangerous source of DoS attacks - see
http://en.wikipedia.org/wiki/ReDoS. Unless this is mitigated sensibly,
I will continue to resist any cinder patch that adds them.
Glob matches might be safer?
On 26 April 2014 05:02, Zhangleiqiang (Trump)
Thanks for your reply.
Regex matching can be implemented in Database, and glob matches may not
work fine with paginate_query. However, the ReDoS you mentioned will not
be avoided when using regex matching.
I will think of it again.
Thanks.