On Thu, 15 Jul 2004 16:11:16 +1000, Tim Starling ts4294967296@hotmail.com wrote:
The vulnerability with inclusion was pointed out when we had a hard-coded maximum depth of 1. As I explained in a comment in the source file:
#----------------------------------------
# Variable substitution O(N^2) attack
#-----------------------------------------
# Without countermeasures, it would be possible to attack the parser by saving a page
# filled with a large number of inclusions of large pages. The size of the generated
# page would be proportional to the square of the input size. Hence, we limit the number
# of inclusions of any given page, thus bringing any attack back to O(N).
#
Hmm.. the problem would seem insurmountable then (barring some sort of checking on the size of includes, which seems like more trouble than it's worth).
Oh well.
-Bill Clark
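
The quadratic growth and the per-page inclusion cap described in the quoted source comment, as an added example that is not part of the original message or of the project's source: a toy one-level expander run over constructed pages. The `{{Name}}` inclusion syntax, the function names, and the policy of leaving over-limit inclusions unexpanded are assumptions.

```python
import re

# Assumed inclusion syntax for this sketch: {{PageName}}
INCLUDE = re.compile(r"\{\{([^{}]+)\}\}")


def expand(text, pages, max_per_page=None):
    """Expand inclusions one level deep (the maximum depth of 1 from the message).

    max_per_page caps how often any single page may be included; inclusions
    past the cap are left unexpanded (an assumed policy, not the project's).
    """
    counts = {}

    def substitute(match):
        name = match.group(1)
        if name not in pages:
            return match.group(0)      # unknown page: leave the tag as written
        counts[name] = counts.get(name, 0) + 1
        if max_per_page is not None and counts[name] > max_per_page:
            return match.group(0)      # over the cap: do not expand again
        return pages[name]

    # re.sub does not rescan replaced text, so expansion stays at depth 1.
    return INCLUDE.sub(substitute, text)


def measure(n, max_per_page=None):
    """Return (input_size, output_size) for constructed input of about 2n bytes."""
    tag = "{{Big}}"
    pages = {"Big": "x" * n}           # constructed large page, n bytes
    including = tag * (n // len(tag))  # constructed page: about n bytes of inclusions
    out = expand(including, pages, max_per_page)
    return n + len(including), len(out)


if __name__ == "__main__":
    for n in (700, 1400, 2800):
        print(n, "uncapped:", measure(n), "capped at 5:", measure(n, max_per_page=5))
```

Doubling the input quadruples the uncapped output, while the capped output only roughly doubles.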