[Python-Dev] Counting collisions for the win (original) (raw)
David Malcolm dmalcolm at redhat.com
Sat Jan 21 21:22:34 CET 2012
- Previous message: [Python-Dev] Counting collisions for the win
- Next message: [Python-Dev] Counting collisions for the win
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 2012-01-20 at 16:55 +0100, Frank Sievertsen wrote:
Hello,
I still see at least two ways to create a DOS attack even with the collison-counting-patch.
[snip description of two types of attack on the collision counting approach]
What to do now? I think it's not smart to reduce the number of allowed collisions dramatically AND count all slot-collisions at the same time.
Frank: did you see the new approach I proposed in: http://bugs.python.org/issue13703#msg151735 http://bugs.python.org/file24289/amortized-probe-counting-dmalcolm-2012-01-21-003.patch
(repurposes the ma_smalltable region of large dictionaries to add tracking of each such dict's average iterations taken per modification, and raise an exception when it exceeds a particular ratio)
I'm interested in hearing how it holds up against your various test cases, or what flaws there are in it.
Thanks! Dave
- Previous message: [Python-Dev] Counting collisions for the win
- Next message: [Python-Dev] Counting collisions for the win
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]