Hi folks,
In draft-murchison-sieve-regex-02.txt it says
Security considerations are discussed in [SIEVE]. It is believed
that this extension doesn't introduce any additional security
concerns.
What if I write a regular expresssion that may be utterly meaningless, but
processor hungry. Could we not potentially crash the server as it tries to
match this against part (or all) of the message?
I bring this up as I have just been working with a WIN32 RegEx
implementation that freezes up if you type in the regular expression
(.*)*
I'd rather not have a user type in this as a regular expression and freeze
up my mail server!
Is this a potential security problem, or have I just had a bad experience
with a bad RegEx implementation?
Nigel