velocity-user mailing list archives

From Jason Pettiss <jason.pett...@TheCatalis.com>
Subject Re: user-written templates / reflection safety
Date Sat, 08 Oct 2005 20:52:39 GMT
I agree with you, writing a language to guard against truly malicious 
behavior only penalizes the rest of us.  But let's say you're a hosting 
provider and you let people upload the scripts as part of their personal 
hosting and you provide them all the APIs which you think are 'safe' and 
will not be time consuming.  Then the question is-- what could you do to 
keep them from hosing your server?

So yeah, what you say-- keep a running count of the number of total 
iterations of all loops on the page.  If this is an HTML page and there 
are more than, say, 4 million, clearly there is something wrong.  ;-)  
So you interrupt it and just spit out an incomplete page.  Or, if the 
total output is larger than a certain amount, you shut it down.  Then as 
long as your APIs are really restrictive and well designed, then people 
shouldn't be able to hose you too bad...

James Kebinger wrote:

>So what do you want? A limit on how big one's loop variable can be? You
>can't prevent every action by a completely pathological user other than by
>not letting them upload arbitrary scripts.
>
>On 10/7/05, Daniel Dekany <ddekany@freemail.hu> wrote:
>
>>Friday, October 7, 2005, 8:11:02 PM, Will Glass-Husain wrote:
>>
>>>Hi,
>>>
>>>(pls change the subject line when you change topic - thanks!)
>>>
>>>Just as a quick side note... I have hundreds of users writing their Velocity
>>>own templates and uploading them to my system. You need a custom
>>>uberspector to prevent evil reflection (this will be standard in v1.6). I
>>>am also cautious about what objects and methods are in the context (users do
>>>not have control of this). Infinite loops are not possible with the
>>>#foreach directive.
>>
>>When I said "practically infinite loop" then I meant something like:
>>
>>#foreach( $a in [1..9999999] )
>>#foreach( $b in [1..9999999] )
>>#foreach( $c in [1..9999999] )
>>#foreach( $d in [1..9999999] )
>>#foreach( $e in [1..9999999] )
>>#foreach( $f in [1..9999999] )
>>#foreach( $g in [1..9999999] )
>>Mmmmmuhahahaha!
>>#end
>>#end
>>#end
>>#end
>>#end
>>#end
>>#end
>>
>>I would think it's a problem.
>>
>>
>>>Finally, I use a Java security policy file for extra
>>>protection.
>>>
>>>See this essay for some more thoughts on this matter.
>>>http://wiki.apache.org/jakarta-velocity/BuildingSecureWebApplications
>>>
>>>WILL
>>
>>--
>>Best regards,
>>Daniel Dekany
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: velocity-user-help@jakarta.apache.org
>
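
The two limits described at the top of this message (a running count of loop iterations shared by the whole page, and a cap on total output) can be sketched as below. This is an added example, not code from the thread or from Velocity: RenderBudget, guardLoop and guardOutput are hypothetical names, and it assumes every loop the template runs draws its items through guardLoop, which a range literal written inside the template would not do unless the engine's loop directive charged the same budget.

```java
import java.io.*;
import java.util.*;

public class RenderBudget {
    static class BudgetExceeded extends RuntimeException { BudgetExceeded(String m) { super(m); } }

    private long iterationsLeft;   // one counter for every loop on the page, nested or not
    private long charsLeft;        // one counter for everything written to the response

    RenderBudget(long maxIterations, long maxChars) { iterationsLeft = maxIterations; charsLeft = maxChars; }

    // Wrap a collection before it is exposed to the template; each item costs one unit.
    <T> Iterable<T> guardLoop(Iterable<T> src) {
        return () -> new Iterator<T>() {
            final Iterator<T> it = src.iterator();
            public boolean hasNext() { return it.hasNext(); }
            public T next() {
                if (--iterationsLeft < 0) throw new BudgetExceeded("iteration budget");
                return it.next();
            }
        };
    }

    // Wrap the response writer; the write that would cross the cap is refused.
    Writer guardOutput(Writer out) {
        return new Writer() {
            public void write(char[] buf, int off, int len) throws IOException {
                if ((charsLeft -= len) < 0) throw new BudgetExceeded("output budget");
                out.write(buf, off, len);
            }
            public void flush() throws IOException { out.flush(); }
            public void close() throws IOException { out.close(); }
        };
    }

    public static void main(String[] args) throws IOException {
        RenderBudget budget = new RenderBudget(1_000, 1 << 20);
        // Constructed sample data: ten items, looped over four levels deep.
        Iterable<Integer> rows = budget.guardLoop(List.of(1, 2, 3, 4, 5, 6, 7, 8, 9, 10));
        StringWriter page = new StringWriter();
        Writer out = budget.guardOutput(page);
        try {   // stand-in for the template engine executing nested #foreach loops
            for (int a : rows) for (int b : rows) for (int c : rows) for (int d : rows)
                out.write("x");
        } catch (BudgetExceeded e) {
            // Interrupt rendering and keep the incomplete page, as described above.
            System.out.println("stopped: " + e.getMessage() + ", partial page kept (" + page.length() + " chars)");
        }
    }
}
```

Because the counter lives in the budget object rather than in each loop, nesting depth does not matter: the seven-level template quoted above would stop at the same total as a single long loop.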
