Posted to modperl@perl.apache.org by "Narins, Josh" <jo...@lehman.com> on 2003/02/04 17:34:39 UTC

Security Concern, massive CGI or Headers problems?

I, rather blindly, put a reference to a hash of the HTTP headers and hash of
the CGI params in pnotes for most requests.

Technically, a poorly formed loop might DoS a child if the number of params
or headers is evilly large.

For instance, someone silly could write

my $params = $r->pnotes('params');
foreach my $key_1 (keys %$params) {
  foreach my $key_2 (keys %$params) {
    next if $key_1 eq $key_2;
    warn "duplicate message from $key_1 and $key_2"
      if $params->{$key_1} eq $params->{$key_2};
  }
}

Of course that's silly code, but looping over the params or headers is
certainly not an impossibility.

Do I need to, or should I, do any checks before stashing these values in pnotes?

Thx



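Added example, not part of the original post: one way to bound the work before stashing the hash in pnotes, plus a single-pass version of the duplicate check that avoids the nested loop. MAX_KEYS, within_limit and duplicate_values are hypothetical names, and the sample parameters are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical cap on params or headers; pick a value that fits the application.
use constant MAX_KEYS => 200;

# True if the hash is small enough to stash in pnotes and loop over later.
sub within_limit {
    my ($hash, $max) = @_;
    return scalar(keys %$hash) <= $max;
}

# Single pass instead of the nested loop: group keys by value, then keep
# only the values that more than one key shares.
sub duplicate_values {
    my ($hash) = @_;
    my %keys_for;
    for my $key (keys %$hash) {
        my $value = defined $hash->{$key} ? $hash->{$key} : '';
        push @{ $keys_for{$value} }, $key;
    }
    my %dups;
    for my $value (keys %keys_for) {
        my @keys = sort @{ $keys_for{$value} };
        $dups{$value} = \@keys if @keys > 1;
    }
    return \%dups;
}

# Constructed input: 5000 parameters, two of which share a value.
my %params = map { ("p$_" => "v$_") } 1 .. 5000;
$params{p4999} = 'v1';

if (within_limit(\%params, MAX_KEYS)) {
    # In a handler, this is where $r->pnotes(params => \%params) would go.
    print "stash ok\n";
} else {
    # In a handler, return an error status here instead of stashing.
    printf "rejected: %d params exceeds cap of %d\n",
        scalar(keys %params), MAX_KEYS;
}

my $dups = duplicate_values(\%params);
print "$_ shared by @{ $dups->{$_} }\n" for sort keys %$dups;
```

Apache's own LimitRequestFields, LimitRequestFieldSize and LimitRequestBody directives bound headers and body size before any handler runs; the check above covers the parsed parameter count, which those directives do not limit directly.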