On Tuesday, 28. January 2003 18:58, S Woodside wrote:
> > "insert-after,/email[last()]"... but this is dangerous: you need some
> > way to make sure you don't blindly execute xupdate statements someone
> > nasty might craft. Even if you validate the resulting XML, the xupdate
> > might DoS your server by executing very complicated statements. So best
> > would be to check [...]
> When you say it's dangerous, I'm not sure how much ... people will
> never have access to documents other than their own docu, so they can't
> really trash anything except their own stuff. Conditional processing is
> undefined in the WD, so how complicated can the xupdate get? I mean, I
> can check the length and make sure it's some sane size, but one of the
> huge advantages I want from this is to pass everything through the
> client, so that I can let xml "do the work" and not be hyper about
> verifying things.

Not verifying is calling for trouble - somewhere, somewhen. "Never trust
user input" is true here as it is anywhere else.

Remember that ftp DoS bug? An "ls */../*/../*/../*/.." (continued some
more) brought several ftpd's down to a halt by using 100% CPU. Are you
sure that your XUpdate implementation handles select="//*/..//*/..//*"
efficiently? There could always be more hidden traps.

-- 
CU
Joerg

PGP Public Key at http://ich.bin.kein.hoschi.de/~trouble/public_key.asc
PGP Key fingerprint = D34F 57C4 99D8 8F16 E16E 7779 CDDC 41A4 4C48 6F94
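
One way to do the check discussed in this message, as an added example that is not part of the original post: a pre-filter that accepts an XUpdate request only if every `select` is a short absolute child-axis path, so expressions like `//*/..//*/..//*` never reach the XUpdate processor. The allowed operations, the numeric limits and the function names are assumptions made for this sketch.

```python
import re
import xml.etree.ElementTree as ET

XU_NS = "http://www.xmldb.org/xupdate"
# Allowed operations and all limits below are assumptions for this example.
ALLOWED_OPS = {"insert-after", "insert-before", "append", "update", "remove"}
MAX_BYTES, MAX_OPS, MAX_SELECT_LEN, MAX_STEPS = 4096, 10, 120, 6
# One location step: a plain element name with an optional [n] or [last()].
STEP = re.compile(r"^[A-Za-z_][\w.-]*(\[(\d+|last\(\))\])?$")

def check_select(select):
    """Return None for an absolute child-axis path, else a rejection reason."""
    if not select or len(select) > MAX_SELECT_LEN:
        return "select missing or too long"
    if not select.startswith("/") or "//" in select:
        return "only absolute paths without '//' are allowed"
    steps = select[1:].split("/")
    if len(steps) > MAX_STEPS:
        return "too many location steps"
    for step in steps:
        if not STEP.match(step):  # rejects '..', '*', axes, functions
            return "step not allowed: %r" % step
    return None

def check_xupdate(raw):
    """Validate a raw XUpdate request (bytes) before it is executed."""
    if len(raw) > MAX_BYTES:
        return "request too large"
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return "DTD not allowed"  # no entity definitions in user input
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return "not well-formed"
    if root.tag != "{%s}modifications" % XU_NS:
        return "not an xupdate:modifications document"
    ops = list(root)
    if len(ops) > MAX_OPS:
        return "too many operations"
    for op in ops:
        ns, _, name = op.tag[1:].partition("}")
        if ns != XU_NS or name not in ALLOWED_OPS:
            return "operation not allowed: %s" % op.tag
        # The operation's own select plus any select nested inside it.
        nested = [e.attrib["select"] for e in op.iter()
                  if e is not op and "select" in e.attrib]
        for select in [op.get("select")] + nested:
            reason = check_select(select)
            if reason:
                return reason
    return None
```

`check_xupdate` returns `None` when the request may be passed on and a short reason string otherwise, so the caller can log the rejection.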
