I will probably tell something very stupid, but HTML specs do not prevent a client to post 1M values with the same name, so whatever your hash function you cannot do much, can you?
The simplest solution I can think of that prevents all attacks of this kind (but could reject some valid POST in theory) would be to store the bucket lengths and use it to detect and reject "obviously biaised" insertions. -- Caml-list mailing list. Subscription management and archives: https://sympa-roc.inria.fr/wws/info/caml-list Beginner's list: http://groups.yahoo.com/group/ocaml_beginners Bug reports: http://caml.inria.fr/bin/caml-bugs
