[Python-Dev] Hashing proposal: change only string-only dicts

Glenn Linderman v+python at g.nevcal.com
Wed Jan 18 20:09:27 CET 2012

On 1/18/2012 9:52 AM, "Martin v. Löwis" wrote:
> I've been seriously considering implementing a balanced tree inside
> the dict (again for string-only dicts, as ordering can't be guaranteed
> otherwise). However, this would be a lot of code for a security fix.
> It*would*  solve the issue for good, though.

To handle keys containing non-orderable keys along with strings, which 
are equally vulnerable to string-only keys, especially if the non-string 
components can have fixed values during an attack, you could simply use 
their hash value as an orderable proxy for the non-orderable key components.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120118/9764de56/attachment.html>

More information about the Python-Dev mailing list