[REBOL] [load vs load/all] [how to//handle untrusted data] load v load/all - CGI security & word consumption
From: pwawood::mango::net::my at: 17-Nov-2004 14:12
Whilst tagging the mailing list archive, I came across this important
question to which there seems to be no response.
The basic premises are that it's more secure to use load/all when
reading "untrusted" data and that using load/all eats up available
words.
Are these true?
Is there a better way of handling "untrusted" data?
Regards
Peter
The original message:
Hi there,
Jeff (Rebol Technologies)(I think) in Zine/4 wrote:
====
In fact, LOAD/all is the safest LOAD and you should use it whenever
LOADing a string or file from an untrusted source (like CGI, for
instance).
<snip>
LOAD/all will always give you a block whereas LOAD will give you a
single item if there is only one item. LOAD/all always produces a block
as a convenience because it is the "paranoid" LOAD. Whatever you give
LOAD/all, it always gives you an unevaluated block of that thing. So if
you do:
    error? try [load/all some-random-string]
you can't go wrong. LOAD/all you can.
====
That's good advice, and it showed me how I had a security flaw in my
code... Just doing a Load on a CGI field is a route to an immediate
shutdown if the field contains "Rebol [Quit]".
But it seems to be a ticking timebomb .... Each Load/All uses up (at
least) one entry in System/words -- e.g.
    loop 2000 [
        load/all join "A" [Random 50000]
        print length? first system/words
    ]
When First System/words hits 4095 (or thereabouts: I believe the number
differs across systems), my 24x7 application goes down like a Microsoft
server.
I'm using Load/All to convert an untrusted string into a date or decimal
or string. Does anyone have a workaround for its unwanted behavior? Or
am I writing the function 'ConvertUntrusted ?
--Thanks,
--Colin.
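
An added example, not part of the original thread and not REBOL Technologies' code: one way to write the ConvertUntrusted function asked about above, checking the string's shape with PARSE and converting with to-decimal / to-date instead of LOAD. It assumes REBOL 2 and assumes that these conversions add no entries to system/words; the last lines rerun the loop from the post and print the growth so that assumption can be checked on a given build. All names (digit, alpha, sep, decimal-rule, date-rule, convert-untrusted) are hypothetical.

```rebol
REBOL [Title: "convert-untrusted (added example)"]

; Hypothetical names throughout; assumes REBOL 2 (parse/all, attempt).
digit: charset "0123456789"
alpha: charset [#"a" - #"z" #"A" - #"Z"]
sep:   charset "-/"

; Shapes accepted before any conversion is attempted.
decimal-rule: [opt "-" some digit opt ["." some digit]]
date-rule:    [1 4 digit sep [3 9 alpha | 1 2 digit] sep 1 4 digit]

convert-untrusted: func [
    "Return a decimal!, a date! or the original string; never LOADs the input."
    text [string!]
    /local value
][
    text: trim copy text
    if parse/all text decimal-rule [
        if value: attempt [to-decimal text] [return value]
    ]
    if parse/all text date-rule [
        ; to-date still rejects impossible dates such as 99-99-2004
        if value: attempt [to-date text] [return value]
    ]
    text    ; anything else stays inert string data
]

; Constructed sample inputs, including the string from the post.
foreach sample ["3.14" "17-Nov-2004" "Rebol [Quit]" "99-99-2004"] [
    print [mold sample "->" mold convert-untrusted sample]
]

; The loop from the post, with the converter in place of load/all.
before: length? first system/words
loop 2000 [convert-untrusted join "A" [random 50000]]
print ["system/words grew by" (length? first system/words) - before]
```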