[Python-Dev] Hash collision security issue (now public) (original) (raw)

Tres Seaver tseaver at palladion.com
Thu Jan 5 20:49:53 CET 2012

• Previous message: [Python-Dev] Hash collision security issue (now public)
• Next message: [Python-Dev] Hash collision security issue (now public)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 01/05/2012 02:14 PM, Glenn Linderman wrote:

1) the security problem is not in CPython, but rather in web servers that use dict inappropriately.

Most webapp vulnerabilities are due to their use of Python's cgi module, which it uses a dict to hold the form / query string data being supplied by untrusted external users.

Tres. - --

Tres Seaver +1 540-429-0999 tseaver at palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8F/uEACgkQ+gerLs4ltQ679QCgqKPYYwEetKR3bEMVh5eukLin cA8An3XJMYWhK5MutjbOCxCfYzKXmDzc =V3lh -----END PGP SIGNATURE-----

• Previous message: [Python-Dev] Hash collision security issue (now public)
• Next message: [Python-Dev] Hash collision security issue (now public)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list