Showing content from https://mail.python.org/pipermail/python-dev/2012-January/115331.html below:

[Python-Dev] Hash collision security issue (now public)

Terry Reedy tjreedy at udel.edu
Fri Jan 6 01:11:22 CET 2012
On 1/5/2012 3:10 PM, Ethan Furman wrote:
> Tres Seaver wrote:

>>> 1) the security problem is not in CPython, but rather in web servers
>>> that use dict inappropriately.
>>
>> Most webapp vulnerabilities are due to their use of Python's cgi module,
>> which uses a dict to hold the form / query string data being supplied
>> by untrusted external users.
>
> And Glenn suggested further down that an appropriate course of action
> would be to fix the cgi module (and others) instead of messing with dict.

I think both should be done. For web applications, it would be best to 
reject DOS attempts with 'random' keys in O(1) time rather than in O(n) 
time even with improved hash. But for some other apps, like the Python
interpreter itself, 'random' names may be quite normal.

-- 
Terry Jan Reedy
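
Added example (not part of the original message and not code from CPython's cgi module): a sketch of the cheap rejection discussed above, where a form parser refuses oversized input before any untrusted key is hashed into a dict. The names `parse_form` and `FormRejected` and the three limits are assumptions chosen for illustration.

```python
from urllib.parse import unquote_plus

# Assumed limits for illustration; tune per application.
MAX_BODY_BYTES = 64 * 1024
MAX_FIELDS = 100
MAX_KEY_LEN = 64


class FormRejected(ValueError):
    """Raised before any untrusted key is inserted into a dict."""


def parse_form(body: str) -> dict:
    """Parse 'a=1&b=2' form data, refusing floods before hashing any key."""
    # O(1): len() on a str is constant time. A server would apply the same
    # test to the Content-Length header before reading the body at all.
    if len(body) > MAX_BODY_BYTES:
        raise FormRejected("body too large")
    # Linear scan with no hashing: count pairs before building the dict.
    if body.count("&") + 1 > MAX_FIELDS:
        raise FormRejected("too many fields")
    fields = {}
    for pair in body.split("&"):
        if not pair:
            continue
        raw_key, _, raw_value = pair.partition("=")
        key = unquote_plus(raw_key)
        if len(key) > MAX_KEY_LEN:
            raise FormRejected("key too long")
        # At most MAX_FIELDS insertions reach this point, so even if every
        # key collided the total probing work is bounded by MAX_FIELDS ** 2.
        fields.setdefault(key, []).append(unquote_plus(raw_value))
    return fields


if __name__ == "__main__":
    print(parse_form("name=Ada+L&tag=x&tag=y"))
    flood = "&".join(f"k{i}=v" for i in range(1000))  # constructed sample
    try:
        parse_form(flood)
    except FormRejected as exc:
        print("rejected:", exc)
```

Later Python releases added a `max_num_fields` argument to `urllib.parse.parse_qs` that enforces the same kind of cap.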
