Talk:ReDoS References

Computing Low‑importance

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by WikiProject Computer Security (assessed as Mid-importance).

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

just look how it is written! thats not wiki standard! — Preceding unsigned comment added by 79.201.163.93 ( talk • contribs) 09:43, 19 July 2010

That's not very helpful, you know.
But really, this article looks much more like a how-to guide than an encyclopedia article.
- Gabrielkfl ( talk) 01:06, 4 March 2011 (UTC) reply

Point out how some regular expression libraries allow the user to specify a timeout for the evaluation of the regex. For example, The .NET Framework 4.5 has that feature. — Preceding unsigned comment added by 76.102.37.19 ( talk) 10:16, 22 March 2012 (UTC) reply

NFA vs. DFA

This article seems to assume all regex engines are NFA or hybrid NFA/DFA, but pure DFA engines do exists-- and they are not susceptible to this type of attack. Namely, non-GNU awk and non-gnu egrep use pure-DFA engines.^[1] -- Lucas.Yamanishi ( talk) 21:05, 30 March 2013 (UTC) reply

References

^ Friedl, Jeffrey E. F. (2006). Andy Oram (ed.). Mastering Regular Expressions (3rd ed.). 1005 Gravenstein Highway North, Sebastopol, CA 95472: O'Reilly Media, Inc. pp. 145–147. ISBN 978-0-596-52812-6.{{ cite book}}: CS1 maint: location ( link)

Article Name

I think the article name is probably incorrect. “ReDoS” doesn't really seem to have a definition outside of this page, “Catastrophic Backtracking,” while it has fewer total results on a google search, at least seems to unambiguously mean this. PiAndWhippedCream ( talk) 19:32, 1 April 2014 (UTC) reply

Java class name regexp

The regular expression ^(([a-z])+.)+[A-Z]([a-z])+$ is just wrong for Java class names – it matches e.g. java-lang+String, not just e.g. java.lang.String. If you correct it to ^(([a-z])+\.)+[A-Z]([a-z])+$, it won't produce any backtracking. (Though it is right, the regexp is still found in the wrong way on the linked page, with a warning linking to this page. I'll try to see how to correct that.) -- Paul Ebermann ( talk) 17:22, 23 June 2017 (UTC) reply

Optimization

It look to me that the example regular expressions could be optimized. Do any implementations optimize such regular expressions? If so, which ones? -- Zzo38 ( talk) 01:30, 23 November 2019 (UTC) reply

[1] Friedl, Jeffrey E. F. (2006). Andy Oram (ed.). Mastering Regular Expressions (3rd ed.). 1005 Gravenstein Highway North, Sebastopol, CA 95472: O'Reilly Media, Inc. pp. 145–147. ISBN 978-0-596-52812-6.{{ cite book}}: CS1 maint: location ( link)

[1]