Boost Users :

Date view	Thread view	Subject view	Author view

Subject: [Boost-users] [regex] Mitigating mischief and malice
From: Jim Bell (Jim_at_[hidden])
Date: 2011-02-27 18:28:31

Next message: Eric Niebler: "Re: [Boost-users] [regex] Mitigating mischief and malice"
Previous message: Neil Groves: "Re: [Boost-users] [range] join() and adaptors::transformed do not play nicely with each other"
Next in thread: Eric Niebler: "Re: [Boost-users] [regex] Mitigating mischief and malice"
Reply: Eric Niebler: "Re: [Boost-users] [regex] Mitigating mischief and malice"
Reply: John Maddock: "Re: [Boost-users] [regex] Mitigating mischief and malice"

Say you wanted to give web users a boost::regex interface to a set of
data, knowing that some will try to use it for mischief and malice. I'm
vaguely aware that one can write a regex to consume lots of CPU
(denial-of-service attack), but also lots of stack and/or memory.

What are the risks and how would you address them?

Would you filter out certain classes of regular expressions?

Tune it via BOOST_REGEX_NON_RECURSIVE and/or other parameters?

Would you forbid it altogether?

Thanks in Advance,
-Jim

Next message: Eric Niebler: "Re: [Boost-users] [regex] Mitigating mischief and malice"
Previous message: Neil Groves: "Re: [Boost-users] [range] join() and adaptors::transformed do not play nicely with each other"
Next in thread: Eric Niebler: "Re: [Boost-users] [regex] Mitigating mischief and malice"
Reply: Eric Niebler: "Re: [Boost-users] [regex] Mitigating mischief and malice"
Reply: John Maddock: "Re: [Boost-users] [regex] Mitigating mischief and malice"

Date view	Thread view	Subject view	Author view

Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net