I did think of one problem: denial of service by stealing CPU.

 

Imagine, intentionally or by accident, filter code is submitted which draws a lot of CPU (e.g. an infinite loop by design or accident).

 

Malicious code injected into 1 browser would affect only that browser.

 

If 1 client attempted denial of service by spamming messages, an uncompromised server could still throttle traffic from the errant client.

 

I still think there’s enough risk here to push this from the 1st release.

 

But thanks for the link, I’ll track your project.

 

 

 

 

Sent from Mail for Windows 10

 

From: Ringo Wathelet
Sent: Thursday, March 23, 2017 7:51 PM
To: [log in to unmask]
Subject: Re: filtering system

 

Thank you for taking the time to reply.

 

1) Most languages have access to very good javascript engine (almost always free and open source).

In java it is built-in, and it took only a few lines of code.

In C++/Dart/Python/Swift/C#/Go... its even easier, typically:  engine.eval(theJSscript)

 

2) Security, I'm no expert either. I guess that "...if malicious code could be injected into the server",

then it could be injected into the browser as well.

 

I have setup a github repository with my test json server at:

 

    https://github.com/workingDog/mikan

 

########################################################################

 

To unsubscribe from the SAC-PDG-WEBLVC list, click the following link:

https://discussions.sisostds.org/index.htm?SUBED1=SAC-PDG-WEBLVC&A=1

 



To unsubscribe from the SAC-PDG-WEBLVC list, click the following link:
https://discussions.sisostds.org/index.htm?SUBED1=SAC-PDG-WEBLVC&A=1