Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] [load vs load/all] [how to//handle untrusted data] load v load/all - CGI security & word consumption

From: pwawood::mango::net::my at: 17-Nov-2004 14:12

Whilst tagging the mailing list archive, I came across this important question to which there seems to be no response. The basic premises are that it's more secure to use load/all when reading "untrusted" data and that using load/all eats up available words. Are this true? Is there a better way of handling "untrusted" data? Regards Peter The original message : Hi there, Jeff (Rebol Technologies)(I think) in Zine/4 wrote: ==== In fact, LOAD/all is the safest LOAD and you should use it when ever LOADing a string or file from an untrusted source (like CGI, for instance).
<snip>
LOAD/all will always give you a block where as LOAD will give you a single item if there is only one item. LOAD/all always produces a block as a convenience because it is the "paranoid" LOAD. Whatever you give LOAD/all, it always gives you an unevaluated block of that thing. So if you do: error? try [load/all some-random-string] you can't go wrong. LOAD/all you can. ==== That's good advice, and it showed me how i had a security flaw in my code...Just doing a Load on a CGI field is a route to an immediate shutdown if the field contains "Rebol [Quit]". But it seems to be a ticking timebomb .... Each Load/All uses up (at least) one entry in System/words -- e.g. loop 2000 [ load/all join "A" [Random 50000] print length? first system/words ] When First System/words hits 4095 (or thereabouts: I believe the number differs across systems), my 24x7 application goes down like a Microsoft server. I'm using Load/All to convert a untrusted string into a date or decimal or string. Does anyone have a workaround for its unwanted behavior? Or am I writing the function 'ConvertUntrusted ? --Thanks, --Colin.