[Python-Dev] Counting collisions for the win
Barry Warsaw
barry at python.org
Fri Jan 20 14:20:55 CET 2012
On Jan 20, 2012, at 03:15 PM, Nick Coghlan wrote:
>With the 1000 collision limit in place, the attacker sends their
>massive request, the affected dict quickly hits the limit, throws an
>unhandled exception which is then caught by the web framework and
>turned into a 500 Error response (or whatever's appropriate for the
>protocol being attacked).
Let's just be clear about it: this exception is new public API. Changing
dictionary order is not.

For me, that comes down firmly on the side of the latter rather than the
former for stable releases.
-Barry
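
A toy model of the collision limit quoted above, added here as an illustration; it is not code from this thread or from CPython. The table, the exception name `TooManyCollisions`, the `SameBucket` key type and `handle_request` are all hypothetical, and it shows the exception surfacing in the calling code, where a framework maps it to a 500.

```python
# Toy open-addressing table that counts collisions per insert and gives up
# past a limit. Not CPython's dict; every name below is hypothetical.
COLLISION_LIMIT = 1000  # the limit quoted in the thread


class TooManyCollisions(Exception):
    """Hypothetical name for the exception a caller would now have to expect."""


class LimitedTable:
    def __init__(self, size=4096, limit=COLLISION_LIMIT):
        self.slots = [None] * size
        self.limit = limit

    def insert(self, key, value):
        """Store key/value and return how many occupied slots were probed."""
        size = len(self.slots)
        i = hash(key) % size
        collisions = 0
        while self.slots[i] is not None and self.slots[i][0] != key:
            collisions += 1
            if collisions > self.limit:
                raise TooManyCollisions(f"{collisions} collisions on one insert")
            i = (i + 1) % size  # linear probing
        self.slots[i] = (key, value)
        return collisions


class SameBucket:
    """Constructed key type: every instance hashes to the same slot."""
    def __init__(self, n):
        self.n = n

    def __hash__(self):
        return 7

    def __eq__(self, other):
        return isinstance(other, SameBucket) and self.n == other.n


def handle_request(keys):
    """Stand-in for a web framework: load keys, map the exception to a 500."""
    table = LimitedTable()
    try:
        for k in keys:
            table.insert(k, True)
    except TooManyCollisions:
        return 500
    return 200
```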