From: Edgar Friendly <thelema314@gmail.com>
To: rixed@happyleptic.org
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] Hashtbl and security
Date: Fri, 30 Dec 2011 12:52:11 -0500 [thread overview]
Message-ID: <CAL-jcAk_A7AS6H2LOcuatCoOgOHnP8j8OngrE4=8=+++i84TPw@mail.gmail.com> (raw)
In-Reply-To: <20111230174030.GA29317@yeeloong.happyleptic.org>
[-- Attachment #1: Type: text/plain, Size: 1020 bytes --]
Not a problem, other than memory waste (which doesn't matter the key).
Hashtbl.add prepends to the front of the list, so it'll be fast. And
Hashtbl.find will match the head of the list, and return quickly too.
Hashtbl.find_all will have to go through the whole list, but that's
expected.
E.
On Fri, Dec 30, 2011 at 12:40 PM, <rixed@happyleptic.org> wrote:
> I will probably tell something very stupid, but HTML specs
> do not prevent a client to post 1M values with the same name,
> so whatever your hash function you cannot do much, can you?
>
> The simplest solution I can think of that prevents all attacks
> of this kind (but could reject some valid POST in theory) would
> be to store the bucket lengths and use it to detect and reject
> "obviously biaised" insertions.
>
>
> --
> Caml-list mailing list. Subscription management and archives:
> https://sympa-roc.inria.fr/wws/info/caml-list
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs
>
>
[-- Attachment #2: Type: text/html, Size: 1610 bytes --]
next prev parent reply other threads:[~2011-12-30 17:52 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-30 16:44 Gerd Stolpmann
2011-12-30 16:48 ` Yaron Minsky
2011-12-30 19:01 ` David Allsopp
2011-12-30 20:52 ` Yaron Minsky
2011-12-30 21:54 ` Gerd Stolpmann
2011-12-30 17:06 ` Xavier Leroy
2011-12-30 21:16 ` Gerd Stolpmann
2011-12-31 0:57 ` oliver
2011-12-31 0:59 ` oliver
2012-01-01 12:52 ` Richard W.M. Jones
2012-01-01 17:29 ` Xavier Leroy
2012-01-01 21:04 ` Gerd Stolpmann
2012-01-01 23:24 ` oliver
2012-01-01 23:58 ` Gerd Stolpmann
2012-01-02 1:43 ` oliver
2012-01-04 17:56 ` Damien Doligez
2012-01-04 21:52 ` oliver
2012-01-02 9:34 ` David MENTRE
2012-01-30 10:54 ` Goswin von Brederlow
2011-12-30 17:40 ` rixed
2011-12-30 17:52 ` Edgar Friendly [this message]
2011-12-31 1:02 ` oliver
2011-12-31 0:33 ` oliver
2012-01-02 0:21 ` Shawn Wagner
2012-01-02 14:52 ` Gerd Stolpmann
2012-01-30 10:51 ` Goswin von Brederlow
2012-01-31 14:16 ` Gerd Stolpmann
2012-02-08 9:41 ` Goswin von Brederlow
2012-02-08 10:43 ` Philippe Wang
2012-02-08 10:46 ` AUGER Cédric
2012-02-09 13:22 ` Goswin von Brederlow
2012-02-09 14:48 ` Gerd Stolpmann
2012-02-08 11:12 ` Gerd Stolpmann
2012-02-09 13:11 ` Goswin von Brederlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAL-jcAk_A7AS6H2LOcuatCoOgOHnP8j8OngrE4=8=+++i84TPw@mail.gmail.com' \
--to=thelema314@gmail.com \
--cc=caml-list@inria.fr \
--cc=rixed@happyleptic.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).