[Python-Dev] Counting collisions for the win (original) (raw)
Barry Warsaw barry at python.org
Fri Jan 20 14:20:55 CET 2012
- Previous message: [Python-Dev] Counting collisions for the win
- Next message: [Python-Dev] Counting collisions for the win
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Jan 20, 2012, at 03:15 PM, Nick Coghlan wrote:
With the 1000 collision limit in place, the attacker sends their massive request, the affected dict quickly hits the limit, throws an unhandled exception which is then caught by the web framework and turned into a 500 Error response (or whatever's appropriate for the protocol being attacked).
Let's just be clear about it: this exception is new public API. Changing dictionary order is not.
For me, that comes down firmly on the side of the latter rather than the former for stable releases.
-Barry
- Previous message: [Python-Dev] Counting collisions for the win
- Next message: [Python-Dev] Counting collisions for the win
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]