On Fri, Dec 30, 2011 at 06:40:30PM +0100, ri...@happyleptic.org wrote:
> I will probably say something very stupid, but HTML specs
> do not prevent a client from posting 1M values with the same name,
> so whatever your hash function you cannot do much, can you?
[...]

That's a feature.

>
> The simplest solution I can think of that prevents all attacks
> of this kind (but could reject some valid POST in theory) would
> be to store the bucket lengths and use it to detect and reject
> "obviously biased" insertions.
[...]

How do you define "obvious" and "biased"?

Sometimes, the distinction between feature and bug
depends on the context...

Ciao,
   Oliver
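An added example, not code from either poster, of the bucket-length check proposed in the quoted text. It separates the two cases the thread raises: one name posted with many values (the chain does not grow) and many distinct names landing in one bucket (the chain grows and is rejected). The class and function names, the toy byte-sum hash, the 64 buckets and the chain limit of 8 are assumptions chosen for illustration.

```python
import itertools

class ChainLimitExceeded(Exception):
    pass

def weak_hash(key: str) -> int:
    # Deliberately weak toy hash (byte sum), so collisions are easy to construct.
    return sum(key.encode())

class GuardedMultiMap:
    """Chained hash table for form fields that refuses over-long chains."""

    def __init__(self, n_buckets=64, max_chain=8, hash_fn=weak_hash):
        self.buckets = [[] for _ in range(n_buckets)]
        self.max_chain = max_chain          # assumed policy threshold
        self.hash_fn = hash_fn

    def add(self, name, value):
        chain = self.buckets[self.hash_fn(name) % len(self.buckets)]
        for entry_name, values in chain:
            if entry_name == name:
                values.append(value)        # repeated name: chain length unchanged
                return
        if len(chain) >= self.max_chain:    # too many distinct names in one bucket
            raise ChainLimitExceeded(name)
        chain.append((name, [value]))

    def longest_chain(self):
        return max(len(chain) for chain in self.buckets)

def load_form(pairs, **kwargs):
    """Insert pairs; return (table, first_rejected_name or None)."""
    table = GuardedMultiMap(**kwargs)
    for name, value in pairs:
        try:
            table.add(name, value)
        except ChainLimitExceeded:
            return table, name
    return table, None

# Constructed sample inputs.
REPEATED = [("tag", str(i)) for i in range(10_000)]   # one name, many values
COLLIDING = [("".join(p), "x")                        # 24 anagrams: same byte sum
             for p in itertools.permutations("abcd")]
ORDINARY = [(f"field{i}", "v") for i in range(40)]    # typical distinct names

if __name__ == "__main__":
    for label, pairs in (("repeated", REPEATED), ("colliding", COLLIDING),
                         ("ordinary", ORDINARY)):
        table, rejected = load_form(pairs)
        print(label, "longest chain:", table.longest_chain(), "rejected:", rejected)
```

The limit is a policy choice: a legitimate form whose distinct names happen to share a bucket would be refused as well, which is the false positive the quoted proposal concedes.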