[Zope] Re: Regular expressions insecurity?
Tue Wennerberg
tue@wennerberg.dk
Mon, 20 Jan 2003 17:17:06 +0100
Evan Simpson wrote:
> Tue Wennerberg wrote:
>
>> I'm still puzzled as to why regular expressions are banned.
>
>
> "Banned" is a bit strong. I would say that they aren't enabled by
> default. It is certainly possible to allow them on your site by making
> your own security assertions for them.
I agree, "banned" was too strong a word too use. English is not my
native tongue, so please forgive me :-)
But my point is, regular expressions ought to be enabled by default,
because it's such a powerful feature, and the "insecurity" is present
anyway. In fact, I don't even agree that there's a security issue at
all, since you're forced to trust your script developer anyway.
Regards, Tue Wennerberg
Civilingeniør og Freelance Udvikler
http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735