[Python-Dev] Counting collisions for the win

Terry Reedy tjreedy at udel.edu
Fri Jan 20 20:03:36 CET 2012

On 1/20/2012 11:17 AM, Victor Stinner wrote:

> There is no perfect solutions, drawbacks of each solution should be compared.


One possible attack that has been described for a collision counting 
dict depends on knowing precisely the trigger point. So let 
MAXCOLLISIONS either be configureable or just choose a random count 
between M and N, say 700 and 999.

It would not hurt to have alternate patches available in case a 
particular Python-powered site comes under prolonged attack. Though 
given our miniscule share of the market, than is much less likely that 
an attack on a PHP- or MS-powered site.

Terry Jan Reedy

More information about the Python-Dev mailing list