David Garamond wrote:

> i'm creating a web interface for users to add their own mail filtering
> rules. the rules allow them to specify regexes to match headers and mail
> body. however, i'm a little concerned with how users can accidentally/
> intentionally use too complex regexes like this "(a+.*(b+.+(c*.+)*.*))*"
> and the machine will just crawl when doing matching.
> 
> is there some way i can limit the amount of cpu time/amount of
> backtracking/etc when doing regex matching? or do i have to resort to
> os-based resource limiting?
> 
> --
> dave

The Perl book (I think it's Programming Perl) has an example where a 
certain reg. exp and string combination can make Perl's reg. exp engine run 
forever (in terms of years!) because of backtracking. The solution the book 
generally recommends is to use one of the newer reg. exp extensions with 
positive, negative lookahead, etc. You might want to check it out. Since 
you are letting users directly enter their reg. exps, the above probably 
won't work. Why not just time out the reg. exp if it's taking longer than 
you allow? For example, you can time out the match if it's taking longer 
than 3 seconds. This method is used quite extensively when people want to 
time out slow system calls.

david
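
One way to enforce the 3-second limit discussed above, as an added example that is not part of the original thread: the match runs in a forked child that the parent kills on timeout, because Perl's deferred ("safe") signals are only delivered between opcodes and a single regex match is one opcode. The function name `match_with_timeout` and the sample mail body are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Hypothetical helper: match an untrusted pattern against $text in a child
# process. Returns 1 (match), 0 (no match), or undef (timed out, or the
# pattern was rejected at compile time).
sub match_with_timeout {
    my ($pattern, $text, $timeout) = @_;

    pipe(my $reader, my $writer) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;

    if ($pid == 0) {                       # child: do the risky work
        close $reader;
        # Without "use re 'eval'", an interpolated pattern containing a
        # (?{ code }) block fails to compile, so user input cannot run code.
        my $re = eval { qr/$pattern/ };
        my $out = !defined $re ? 'E' : ($text =~ $re ? '1' : '0');
        syswrite $writer, $out;
        POSIX::_exit(0);                   # skip the parent's END blocks and buffers
    }

    close $writer;                         # parent: wait, but not forever
    my $rin = '';
    vec($rin, fileno($reader), 1) = 1;
    my $rout  = $rin;
    my $ready = select($rout, undef, undef, $timeout);

    my $answer;
    if (defined $ready && $ready > 0) {
        sysread $reader, $answer, 1;       # one status byte, or EOF if the child died
    } else {
        kill 'KILL', $pid;                 # still backtracking: stop it
    }
    close $reader;
    waitpid $pid, 0;                       # reap the child in either case

    return undef unless defined $answer && $answer =~ /^[01]$/;
    return $answer + 0;
}

# The pattern is the one quoted in the question; the mail body is constructed.
my $user_pattern = '(a+.*(b+.+(c*.+)*.*))*';
my $mail_body    = ('a' x 40) . "\n";
my $r = match_with_timeout($user_pattern, $mail_body, 3);
print defined $r ? ($r ? "match\n" : "no match\n") : "rejected or timed out\n";
```

A fork per match is expensive, so a filter that applies many rules per message would batch them into one child and apply the limit to the whole batch.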
