> If presentation logic capability is allowed in the template, a similar > DOS attack could probably be performed against the server quite easily > -- just use a few nested loops to render a huge string. 30 nested > loops on even a very small string should do the trick.
This is test-able. A restricted template should not be able to recognise if it's being tested offline or it's in production. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
