On Thu, 15 Jul 2004 16:11:16 +1000, Tim Starling <ts4294967296(a)hotmail.com> wrote:
> The vulnerability with inclusion was pointed out when we had a
> hard-coded maximum depth of 1. As I explained in a comment in the source
> file:
>
> #----------------------------------------
> # Variable substitution O(N^2) attack
> #-----------------------------------------
> # Without countermeasures, it would be possible to attack the parser by saving a page
> # filled with a large number of inclusions of large pages. The size of the generated
> # page would be proportional to the square of the input size. Hence, we limit the number
> # of inclusions of any given page, thus bringing any attack back to O(N).
> #

Hmm.. the problem would seem insurmountable then (barring some sort of
checking on the size of includes, which seems like more trouble than
it's worth).
Oh well.
-Bill Clark
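
The countermeasure from the quoted source comment, as an added example that is not part of either message or of the parser source the comment comes from: a depth-1 expander with a per-page inclusion cap, run on constructed input to compare output growth with and without the cap. The {{Title}} regex, the function names, the cap of 5 and leaving over-limit markup unexpanded are all assumptions made for illustration.

```python
import re
from collections import Counter

# Simplified {{Title}} inclusion syntax (assumption; real wikitext is richer).
INCLUDE_RE = re.compile(r"\{\{([^{}|]+)\}\}")


def expand(text, pages, max_per_page=None):
    """Expand inclusions one level deep (the 'maximum depth of 1' case).

    max_per_page caps how often any one page is included; None disables the cap.
    """
    counts = Counter()

    def repl(match):
        title = match.group(1).strip()
        if title not in pages:
            return match.group(0)
        counts[title] += 1
        if max_per_page is not None and counts[title] > max_per_page:
            # Over the cap: keep the markup unexpanded (assumed behaviour),
            # so this inclusion adds only its own few bytes to the output.
            return match.group(0)
        return pages[title]

    return INCLUDE_RE.sub(repl, text)


def output_size(n, max_per_page=None):
    """Output length for constructed input: an n-byte page 'Big' and a saved
    page of about n bytes made only of {{Big}} inclusions."""
    pages = {"Big": "x" * n}
    marker = "{{Big}}"
    saved_page = marker * (n // len(marker))
    return len(expand(saved_page, pages, max_per_page))


if __name__ == "__main__":
    # Doubling n quadruples the uncapped output but only doubles the capped one.
    for n in (700, 1400, 2800):
        print(n, output_size(n), output_size(n, max_per_page=5))
```

Note that the cap bounds the number of expansions, not their size, so the output is still proportional to the size of the largest included page times the cap.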