[Seaside] Buffer Overflow

Lukas Renggli renggli at gmail.com
Wed Sep 5 16:01:45 UTC 2007

> Is there any need to worry about  buffer overflow security holes in Seaside?

The short answer is "no". The worst thing that could possibly happen
is that an exception is throw.

The long answer is "very unlikely". I have seen situations where
objects could access state outside their actual object boundaries,
e.g. if you have a corrupted class hierarchy. If you don't let users
evaluate Smalltalk code coming from the web this should be no problem.

> I ask only because #textAreaInput has no way to constrain the ³size² of the
> data (whereas #textInput has #maxLength:).

That provides no security at all. Web browser are free to ignore these


Lukas Renggli

More information about the Seaside mailing list