On 1/20/2012 11:17 AM, Victor Stinner wrote:
There is no perfect solutions, drawbacks of each solution should be compared.
Amen.
One possible attack that has been described for a collision counting
dict depends on knowing precisely the trigger point. So let
MAXCOLLISIONS either be configureable or just choose a random count
between M and N, say 700 and 999.
It would not hurt to have alternate patches available in case a
particular Python-powered site comes under prolonged attack. Though
given our miniscule share of the market, than is much less likely that
an attack on a PHP- or MS-powered site.
--
Terry Jan Reedy
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
