[Python-Dev] Hashing proposal: change only string-only dicts
Glenn Linderman
v+python at g.nevcal.com
Wed Jan 18 20:09:27 CET 2012
On 1/18/2012 9:52 AM, "Martin v. Löwis" wrote:
> I've been seriously considering implementing a balanced tree inside
> the dict (again for string-only dicts, as ordering can't be guaranteed
> otherwise). However, this would be a lot of code for a security fix.
> It*would* solve the issue for good, though.
To handle keys containing non-orderable keys along with strings, which
are equally vulnerable to string-only keys, especially if the non-string
components can have fixed values during an attack, you could simply use
their hash value as an orderable proxy for the non-orderable key components.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120118/9764de56/attachment.html>
More information about the Python-Dev
mailing list