From mboxrd@z Thu Jan  1 00:00:00 1970
Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id WAA14630; Sat, 28 Feb 2004 22:04:25 +0100 (MET)
X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f
Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id WAA14080 for <caml-list@pauillac.inria.fr>; Sat, 28 Feb 2004 22:04:24 +0100 (MET)
Received: from mwinf0601.wanadoo.fr (smtp6.wanadoo.fr [193.252.22.25])
	by nez-perce.inria.fr (8.12.10/8.12.10) with ESMTP id i1SL4TIq025266
	for <caml-list@inria.fr>; Sat, 28 Feb 2004 22:04:29 +0100
Received: from morgana (ARennes-303-1-6-136.w80-13.abo.wanadoo.fr [80.13.129.136])
	by mwinf0601.wanadoo.fr (SMTP Server) with ESMTP
	id C73433400148; Sat, 28 Feb 2004 22:04:22 +0100 (CET)
Received: from david by morgana with local (Exim 4.30)
	id 1AxBdD-00014Y-Oy; Sat, 28 Feb 2004 22:04:19 +0100
To: Thomas Fischbacher <Thomas.Fischbacher@Physik.Uni-Muenchen.DE>
Cc: Richard Jones <rich@annexia.org>, caml-list@inria.fr
Subject: Re: [Caml-list] How to secure an OCaml server
References: <87llmnme9b.fsf@linux-france.org>
	<vfioerj9msl.fsf@tuba.is.s.u-tokyo.ac.jp>
	<20040228165400.GA24495@redhat.com>
	<Pine.LNX.4.58.0402281805260.5837@seekar.cip.physik.uni-muenchen.de>
	<877jy7kn52.fsf@linux-france.org>
	<Pine.LNX.4.58.0402282112120.7058@seekar.cip.physik.uni-muenchen.de>
From: David MENTRE <dmentre@linux-france.org>
Organization: none
Date: Sat, 28 Feb 2004 22:04:19 +0100
In-Reply-To: <Pine.LNX.4.58.0402282112120.7058@seekar.cip.physik.uni-muenchen.de> (Thomas
 Fischbacher's message of "Sat, 28 Feb 2004 21:24:13 +0100 (CET)")
Message-ID: <87y8qmkjak.fsf@linux-france.org>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Miltered: at nez-perce by Joe's j-chkmail ("http://j-chkmail.ensmp.fr")!
X-Loop: caml-list@inria.fr
X-Spam: no; 0.00; caml-list:01 dmentre:01 physik:01 hash:01 hash:01 yutaka:01 dmentre:01 ocaml:01 writes:01 mentre:01 mentre:01 external:03 external:03 perl:03 data:03 
Sender: owner-caml-list@pauillac.inria.fr
Precedence: bulk

Thomas Fischbacher <Thomas.Fischbacher@Physik.Uni-Muenchen.DE> writes:

> This is a quite general situation that comes up when you store data on 
> your server in a hash in such a way that an external source can control at 
> least part of the hash keys.

Ok, thanks for the explanation. 

That might be an issue in my program as I'm using a lot of hash tables
(Perl habits ;). I still need to determine if those hash tables are
influenced by external output, in current and next design. Or I might
drop those hash tables in favor of more suitable data structures for
performance and security reason. I've not yet considered performance
issues.

Any way, many thanks Thomas and Richard for your explanations.

And thank you also Yutaka for your initial comments.

Yours,
david
-- 
 David Mentré <dmentre@linux-france.org>

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners