&#xfeff;<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="EN" xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN">
<head>
<title> Limitations of the rule sandbox security model </title>
<meta name="Generator" content="Author-it" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="Keywords" content=""/>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_toc.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="open_parent.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_load.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_search.js"></script>
<link rel="stylesheet" type="text/css" href="newwave.css"/>
<link rel="stylesheet" type="text/css" href="index_stylesheet.css"/>
<base target="CONTENT"/>
<script>window.ohcglobal || document.write('<script src="/en/dcommon/js/global.js">\x3C/script>')</script></head>
<body onload="loadParent();;bodyLoad();;;if (isTOCLoaded()) {expand('206396');expand('206392');highlight('206941')}" text="#000000" link="#0000A0" alink="#008000" vlink="#FF0000">
	<div id="searchResultsNone"></div>
	<div id="content" style="padding-bottom: 50px;">
		<table summary="" class="relatedtopics aboveheading" cellpadding="0" cellspacing="0" border="0">
<tr valign="top">
<td width= "18">
<p class="bodytext"><a href="206940.htm" target="_self"><img width="34" height="34" src="125.gif" alt="Previous Topic" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
<td width= "18">
<p class="bodytext"><a href="219888.htm" target="_self"><img width="33" height="34" src="124.gif" alt="Next Topic" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
<td width= "48">
<p class="bodytext"><a href="javascript:expand('206396');expand('206392');highlight('206941')" onclick="loadTOC()" target="_self"><img width="165" height="27" src="122.gif" alt="Book Contents" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
</tr>
</table>
<h3 class="heading3">Limitations of the rule sandbox security model</h3>
<p class="bodytext">The rule sandbox security model has several limitations:</p>
<ul class="listbullet"><li class="listbullet">The following DoS attacks can occur:<ul class="listbullet2"><li class="listbullet2">Infinite sleep keeping the worker thread locked. Over time, such rules silently take all threads and starve the application.</li><li class="listbullet2">Infinite loop consuming CPU cycles and slowing down the machine.</li><li class="listbullet2">Writing a large amount of data to the event log and slowing down the application.</li><li class="listbullet2">Allocating a large amount of memory.</li></ul></li><li class="listbullet">Clinical data corruption can use the legitimate interface of the Rule Application Model.</li><li class="listbullet">Due to human error, the incorrect public key can be installed into the certificate store and establish trust for a bad user-defined function assembly.</li></ul>

		
	</div>
	<div id="feedback"><a href="mailto:inform_doc_feedback_grp@oracle.com?Subject=Comments about the Central Designer 6.3 Secure Development Guide - Limitations of the rule sandbox security model" target="_top"><img width="24" height="108" src="feedback.gif" alt="Send Feedback"></a>
	</div>
	
	<div id="foot">		
			<ul style="padding: 0;">
				<li class="footer" style="padding: 0 7px 0 0;"><a href="217485.htm">Access to Oracle Support</a></li>
				<li class="footer"><a href="http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc" target="_blank">Accessibility</a></li>
				<li class="footer" style="border-right-style: none;"><a href="217488.htm">Legal Notices</a></li>
			</ul>
			<p style="font-size:12px;">Copyright &copy; 2019 Oracle and/or its affiliates. All rights reserved.</p>
	</div>
<noscript>
<p>Scripting on this page enhances content navigation, but does not change the content in any way.</p>
</noscript>
</body>
</html>
<footer>
</footer>
<noscript>
<p>Scripting on this page enhances content navigation, but does not change the content in any way.</p>
</noscript>
<script>$(document).foundation();</script>
</body>
</html>