[Python-Dev] Counting collisions for the win
tjreedy at udel.edu
Fri Jan 20 20:03:36 CET 2012
On 1/20/2012 11:17 AM, Victor Stinner wrote:
> There is no perfect solutions, drawbacks of each solution should be compared.
One possible attack that has been described for a collision counting
dict depends on knowing precisely the trigger point. So let
MAXCOLLISIONS either be configureable or just choose a random count
between M and N, say 700 and 999.
It would not hurt to have alternate patches available in case a
particular Python-powered site comes under prolonged attack. Though
given our miniscule share of the market, than is much less likely that
an attack on a PHP- or MS-powered site.
Terry Jan Reedy
More information about the Python-Dev