[7592] in bugtraq
Re: Object tag crashes Internet Explorer 4.0
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Aug 10 12:09:45 1998
Date: Sat, 8 Aug 1998 11:18:45 +0200
Reply-To: Florian Weimer <fw@CYGNUS.STUTTGART.NETSURF.DE>
From: Florian Weimer <fw@CYGNUS.STUTTGART.NETSURF.DE>
X-To: Paul Leach <paulle@MICROSOFT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Paul Leach's message of "Thu, 6 Aug 1998 11:21:47 -0700"
Paul Leach <paulle@MICROSOFT.COM> writes:
> However, web pages can contain more complex constructs than that, constructs
> that can make them into (in the general case) full fledged, Turing complete,
> programs.
BTW: Regarding security concerns, it is completely irrelevant whether
the `algorithm' implemented by a `dynamic' HTML page is (provably)
terminating or not. For DoS attacks, you have to grab only a finite
amount of resources to make the system unusable, which, of course, is
possible in a finite amount of program steps.
IMHO, it's much better to impose strict limits on the amount of system
resources a Web browser may use rather than to implement sophisticated
algorithms which try to prove that those limits are not exceeded. The
latter might even require more resources than simply displaying the
page.
