Is it safe to run dot liquid in a multi-tenant environment?

[vinay singh]

I understand from the documentation that liquid templates expose a limited set of filters that cannot be exploited to gain elevated access or jeopardize the security of the server. However, is it safe from denial of service (DDoS) attacks? For example, can someone use nested for loops that could take forever to compute taking up significant CPU / memory? Or are there protections in the engine to avoid such scenarios?

[David Burg]

There are limited protections against DoS (nevermind DDoS) such as limiting the number of operations but in general you need to devise your own security measure to protect against such attacks against dot Liquid.

With regards,

David.