Joachim Werner wrote:
These few lines brought the Zope server (and the Browser I used for testing)
to a halt:

html = ''
    html += '|'.join([html, letter])
return html
This computes a string O(2^26) in length. Scripts make very little attempt to prevent excessive consumption of memory or CPU, since the only sure way to do this is to have hard OS-level limits on a per-thread basis, plus the ability to cleanly shut down a thread that violated the limits.

If someone maliciously writes a Script to take down your Zope, you can revoke their login (unless you allow Anonymous to edit Scripts :-P). It would be nice to more protection against code such as your example that accidentally spins out of control, but your example also demonstrates just how hard this is to do. The interpreter would have to check the size of every object it constructed, at every step, in order to catch this case. This could easily drag performance down by an order of magnitude.


Evan @ 4-am

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to