On Thu, 29 Dec 2011 03:55:22 +0100
Christian Heimes <lists at cheimes.de> wrote:
>
> I've been dealing with web stuff and security for almost a decade. I've
> seen far worse attack vectors. This one can easily be solved with a
> couple of lines of Python code. For example, application developers can
> limit the maximum amount of POST parameters to a sensible amount and
> limit the length of each key, too.

Shouldn't the setting be implemented by frameworks?

> CPython could aid developers with a special subclass of dict. The
> crucial lookup function is already overwrite-able per dict instance and
> on subclasses of dict through PyDictObj's struct member PyDictEntry
> *(*ma_lookup)(PyDictObject *mp, PyObject *key, long hash). For example,
> a specialized subclass could limit the search for a free slot to n
> recursions or choose to ignore the hash argument and calculate its own
> hash of the key.

Or, rather, the specialized subclass could implement hash randomization.

Regards

Antoine.
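The two mitigations discussed in the message above, as an added pure-Python illustration that is not code from the thread or from CPython: a dict subclass that caps the number of POST parameters and the length of each key (Christian's "couple of lines" suggestion), and a key wrapper whose hash is a keyed digest under a per-process secret, which is what hash randomization amounts to when done above the C-level lookup rather than inside it. The names BoundedDict, SaltedKey, TooManyParameters, parse_post_body and rejects are hypothetical, and the sample request bodies are constructed for the demonstration.

```python
"""Bounding POST parameter tables and randomizing key hashes in pure Python.

Added illustration for the hash-collision DoS discussion; not CPython code.
All names here (BoundedDict, SaltedKey, parse_post_body, rejects) are
hypothetical.
"""
import hashlib
import os
from urllib.parse import parse_qsl


class TooManyParameters(ValueError):
    """Raised when a request exceeds the configured parameter limits."""


class BoundedDict(dict):
    """A dict that refuses to grow past max_items and rejects long keys.

    Even in the worst case (every key colliding), the insertion cost is
    bounded by max_items, so an attacker cannot make one request consume
    minutes of CPU.
    """

    def __init__(self, max_items=1000, max_key_len=256):
        super().__init__()
        self.max_items = max_items
        self.max_key_len = max_key_len

    def __setitem__(self, key, value):
        raw = key.value if isinstance(key, SaltedKey) else key
        if isinstance(raw, (str, bytes)) and len(raw) > self.max_key_len:
            raise TooManyParameters("parameter name too long: %d chars" % len(raw))
        # Only a *new* key can push the table over the limit.
        if key not in self and len(self) >= self.max_items:
            raise TooManyParameters("more than %d parameters" % self.max_items)
        super().__setitem__(key, value)


# Per-process secret: the attacker cannot predict hash() of any key.
_SALT = os.urandom(16)


class SaltedKey:
    """Key wrapper whose hash is a keyed BLAKE2b digest of the key bytes.

    Wrapping keys is the pure-Python analogue of overriding the C-level
    lookup function: the slot a key lands in no longer depends on a public,
    attacker-predictable hash, so precomputed collision sets are useless.
    """

    __slots__ = ("value",)

    def __init__(self, value):
        self.value = value

    def __hash__(self):
        data = self.value.encode("utf-8") if isinstance(self.value, str) else bytes(self.value)
        digest = hashlib.blake2b(data, key=_SALT, digest_size=8).digest()
        return int.from_bytes(digest, "little")

    def __eq__(self, other):
        return isinstance(other, SaltedKey) and self.value == other.value

    def __repr__(self):
        return "SaltedKey(%r)" % (self.value,)


def parse_post_body(body, max_items=1000, max_key_len=256, randomize=False):
    """Parse an application/x-www-form-urlencoded body into a BoundedDict."""
    params = BoundedDict(max_items=max_items, max_key_len=max_key_len)
    for name, value in parse_qsl(body, keep_blank_values=True):
        params[SaltedKey(name) if randomize else name] = value
    return params


def rejects(body, **limits):
    """True if parse_post_body refuses the body under the given limits."""
    try:
        parse_post_body(body, **limits)
    except TooManyParameters:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: a normal login form and a parameter flood.
    print(parse_post_body("user=alice&token=abc123"))
    flood = "&".join("k%d=x" % i for i in range(5000))
    print("flood rejected:", rejects(flood, max_items=1000))
    print(parse_post_body("user=alice", randomize=True))
```

The two layers are independent: the bound alone makes the worst case cheap, and the salted hash alone makes the worst case unreachable for an attacker who does not know the salt. Later CPython releases also added a max_num_fields argument to urllib.parse.parse_qsl, which caps the field count before any dict is built.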