I will probably say something very stupid, but HTML specs
do not prevent a client from posting 1M values with the same name,
so whatever your hash function, you cannot do much, can you?

The simplest solution I can think of that prevents all attacks
of this kind (but could reject some valid POST in theory) would
be to store the bucket lengths and use them to detect and reject
"obviously biased" insertions.


-- 
Caml-list mailing list.  Subscription management and archives:
https://sympa-roc.inria.fr/wws/info/caml-list
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
Bug reports: http://caml.inria.fr/bin/caml-bugs
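
The bucket-length check proposed in the message above, sketched in Python as an added example that is not part of the original message or of any OCaml library. The table design, the `max_chain` threshold and the sample bodies are assumptions; a keyed hash is used to show that repeated names still land in one bucket whatever the hash function.

```python
import hashlib
import os
from urllib.parse import parse_qsl


class BiasedInsertion(Exception):
    """Raised when one bucket grows past the allowed chain length."""


class BoundedParamTable:
    """Chained hash table for POST parameters that tracks bucket lengths."""

    def __init__(self, n_buckets=64, max_chain=8):
        self.key = os.urandom(16)      # per-table secret for the keyed hash
        self.buckets = [[] for _ in range(n_buckets)]
        self.max_chain = max_chain     # assumed threshold, tune per application

    def _index(self, name):
        digest = hashlib.blake2b(name.encode(), key=self.key, digest_size=8).digest()
        return int.from_bytes(digest, "big") % len(self.buckets)

    def add(self, name, value):
        bucket = self.buckets[self._index(name)]
        # The stored bucket length is the detector: refuse to grow a long chain.
        if len(bucket) >= self.max_chain:
            raise BiasedInsertion(f"bucket for {name!r} already holds {len(bucket)} entries")
        bucket.append((name, value))

    def longest_chain(self):
        return max(len(b) for b in self.buckets)


def load_post_body(body, **table_args):
    """Return (table, None) if the body was accepted, (None, reason) if rejected."""
    table = BoundedParamTable(**table_args)
    try:
        for name, value in parse_qsl(body, keep_blank_values=True):
            table.add(name, value)
    except BiasedInsertion as exc:
        return None, str(exc)
    return table, None


# Constructed sample bodies (not from the original message).
BENIGN_BODY = "user=alice&lang=ocaml&tag=a&tag=b&tag=c"
REPEATED_NAME_BODY = "&".join(f"x={i}" for i in range(1000))
```

A legitimate form that repeats one name more than `max_chain` times (a large multi-select, for instance) is rejected too, which is the "could reject some valid POST" cost mentioned in the message.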
