[Python-Dev] Counting collisions for the win

Barry Warsaw barry at python.org
Fri Jan 20 14:20:55 CET 2012

On Jan 20, 2012, at 03:15 PM, Nick Coghlan wrote:

>With the 1000 collision limit in place, the attacker sends their
>massive request, the affected dict quickly hits the limit, throws an
>unhandled exception which is then caught by the web framework and
>turned into a 500 Error response (or whatever's appropriate for the
>protocol being attacked).

Let's just be clear about it: this exception is new public API.  Changing
dictionary order is not.

For me, that comes down firmly on the side of the latter rather than the
former for stable releases.
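
Added example, not part of the original message and not CPython's dict code: a toy open-addressing table that contrasts the two mitigations weighed in this thread, a collision limit that raises an exception callers must handle versus a seeded hash that only changes key order. `TooManyCollisions`, `ToyDict`, `handle_request`, the limit of 10 and the seed value are assumptions for illustration, and keyed BLAKE2b stands in for a randomized string hash.

```python
import hashlib
from itertools import count

class TooManyCollisions(Exception):
    """Hypothetical name for the new exception a collision limit introduces."""

def slot(key, seed, size):
    # Keyed BLAKE2b stands in for a randomized hash; seed=b"" models the fixed hash.
    d = hashlib.blake2b(key.encode(), key=seed, digest_size=8).digest()
    return int.from_bytes(d, "big") % size

class ToyDict:
    """Open addressing with linear probing (a toy, not CPython's dict)."""
    def __init__(self, size=64, limit=None, seed=b""):
        self.slots, self.limit, self.seed = [None] * size, limit, seed

    def insert(self, key, value):
        i, probes = slot(key, self.seed, len(self.slots)), 0
        while self.slots[i] is not None and self.slots[i][0] != key:
            probes += 1
            if self.limit is not None and probes > self.limit:
                raise TooManyCollisions(key)
            i = (i + 1) % len(self.slots)
        self.slots[i] = (key, value)

    def keys(self):
        return [s[0] for s in self.slots if s is not None]

def sample_keys(n=20, size=64):
    # Constructed sample input: n keys that share slot 0 under the fixed hash.
    found = (f"k{i}" for i in count() if slot(f"k{i}", b"", size) == 0)
    return [next(found) for _ in range(n)]

def handle_request(keys, table):
    # The caller (e.g. a web framework) has to know about the new exception type.
    try:
        for k in keys:
            table.insert(k, None)
    except TooManyCollisions:
        return 500
    return 200

def demo():
    keys = sample_keys()
    limited = ToyDict(limit=10)                  # mitigation 1: collision limit
    seeded = ToyDict(seed=b"constructed-seed")   # mitigation 2: seeded hash, no limit
    return keys, handle_request(keys, limited), limited, handle_request(keys, seeded), seeded
```

With the limit, the request fails partway through and the caller sees an exception type that did not exist before; with the seed, every key is stored and only the iteration order differs.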

