[issue13703] Hash collision security issue
Alex Gaynor
report at bugs.python.org
Wed Jan 4 18:44:50 CET 2012
Alex Gaynor <alex.gaynor at gmail.com> added the comment:
Except, it's a totally non-scalable approach. People have vulnerabilities all over their sites which they don't realize. Some examples:
django-taggit (an application I wrote for handling tags) parses tags out an input, it stores these in a set to check for duplicates. It's vulnerable.
Another site I'm writing accepts JSON POSTs, you can put arbitrary keys in the JSON. It's vulnerable.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list