
27 Feb
2011
11:28 p.m.
Say you wanted to give web users a boost::regex interface to a set of data, knowing that some will try to use it for mischief and malice. I'm vaguely aware that one can write a regex to consume lots of CPU (denial-of-service attack), but also lots of stack and/or memory.

What are the risks and how would you address them? Would you filter out certain classes of regular expressions? Tune it via BOOST_REGEX_NON_RECURSIVE and/or other parameters? Would you forbid it altogether?

Thanks in Advance,
-Jim