[Owasp-leaders] Question on Regex

Eoin eoin.keary at owasp.org
Thu Oct 15 01:07:53 EDT 2009


I remember reading about RegEx DoS recently
Shall this have any impact on your discussions?

2009/10/14 McGovern, James F. (eBusiness) <James.McGovern at thehartford.com>

>  Having a debate with some developers and I wanted to understand if there
> was any security perspectives that have merit when it comes to using Regex.
> So, I noted that ESAPI for example, has a single properties file where regex
> compilation happens in each validation action and not via uber-singleton
> upfront compilation. Is this developer religion?
>
> ************************************************************
> This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information.  If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited.  If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
> ************************************************************
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Eoin Keary CISSP CISA
https://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference

OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)

http://asg.ie/
https://twitter.com/EoinKeary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20091015/8501860f/attachment.html 


More information about the OWASP-Leaders mailing list