On 6/1/07, Christopher Schultz <[EMAIL PROTECTED]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nathan,
Nathan Bubna wrote:
>> 2. Throw another exception (MacroDepthExceededException?)
>>
>> The way I see it, neither of these options is any better than simply
>> allowing the stack overflow to occur.
>
> Stack overflows can be caused by many things. Throwing a
> MacroDepthException is much more informative, and in the case of 3rd
> party templates being introduced to a running system, can prevent DOS
> type stuff.
Yeah... as I was typing that question, I was thinking "well, stack
overflow could mean many things", although I immediately assume that my
template has infinite recursion in these cases ;)
:)
I hasn't really thought about 3rd-party templates. Does anyone have any
data on the impact of a stack overflow on a running app server? I would
imagine that a better way to perform a DOS would be to concatenate
strings forever in an endless loop. There's really no checking that can
be done against that.
still plugging what holes we can ain't a bad thing :)
Okay. Enough nay-saying from me ;)
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGYGY39CaO5/Lv0PARAm9iAJ0cYAW0Rs6h5yfVwefQkvPcMnUmPgCgjnkV
IG5pXk8OVJY+44SHv+mr/i0=
=9F0i
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
