Damjan wrote:
> What is the choice of restricted templates for TurboGears?
> By restricted I mean, the template should not be able to execute
> arbitrary python code (or maybe it should not execute anything at all).

Are most people who require restricted templates trying to counter malicious execution, or merely trying to counter accidents?

It seems that various template language design constructs could easily help avoid accidents (or even naive maliciousness), but intelligent malicious template design is a much harder problem to solve.

Google for the "billion laughs" attack, which can easily lock up a browser without even doing any coding. If presentation logic capability is allowed in the template, a similar DOS attack could probably be performed against the server quite easily -- just use a few nested loops to render a huge string. 30 nested loops on even a very small string should do the trick.

I'm sure you can add restrictions to counter every issue that pops up. For example, in this case, your template language could limit the number of allowed nested loops. But it still seems like a very hard problem, in a Mad Magazine Spy vs. Counterspy sort of way (or Microsoft Windows anti-virus sort of way, for you youngsters), so I'm interested in understanding what drives the interest in the template restrictions.

Is it truly to build a wall between multiple arbitrary users' templates inside a common web process, or is it to keep a single user from hogging resources, or is it a concern that a template author might make a mistake?

Thanks,
Pat
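
The nesting limit mentioned in the message above, as an added example that is not part of the original post or of any TurboGears template engine. It statically checks a hypothetical `{% for x in range(N) %}` / `{% endfor %}` syntax (assumed here, constant counts only), capping loop depth and also bounding worst-case output size, since a shallow template with large counts can still render a huge string.

```python
import re

# Hypothetical tag syntax for a toy template language (assumed for this
# example; not the syntax of any TurboGears template engine).
TAG = re.compile(r"\{%\s*(for\s+\w+\s+in\s+range\((\d+)\)|endfor)\s*%\}")

class TemplateRejected(Exception):
    """Raised when a template exceeds a static resource limit."""

def check_template(source, max_depth=3, max_output=1_000_000):
    """Return (deepest_nesting, worst_case_chars) or raise TemplateRejected."""
    stack = [[1, 0]]   # frames of [iteration count, chars per pass of body]
    deepest, pos = 0, 0
    for m in TAG.finditer(source):
        stack[-1][1] += m.start() - pos        # literal text before the tag
        pos = m.end()
        if m.group(1) == "endfor":
            if len(stack) == 1:
                raise TemplateRejected("endfor without matching for")
            count, body = stack.pop()
            if count * body > max_output:
                raise TemplateRejected("worst-case output exceeds budget")
            stack[-1][1] += count * body       # loop expands to count * body
        else:
            stack.append([int(m.group(2)), 0])
            deepest = max(deepest, len(stack) - 1)
            if deepest > max_depth:
                raise TemplateRejected(f"loop nesting deeper than {max_depth}")
    if len(stack) != 1:
        raise TemplateRejected("unclosed for loop")
    total = stack[0][1] + len(source) - pos    # trailing literal text
    if total > max_output:
        raise TemplateRejected("worst-case output exceeds budget")
    return deepest, total

# Constructed sample templates.
SMALL = "ab{% for i in range(3) %}xy{% endfor %}c"
WIDE = "{% for i in range(100000) %}" * 2 + "x" + "{% endfor %}" * 2
DEEP = "{% for i in range(2) %}" * 30 + "x" + "{% endfor %}" * 30
```

`SMALL` passes, `DEEP` is rejected on nesting depth, and `WIDE` is rejected on the output budget even though it is only two loops deep.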

