On Fri, Dec 30, 2011 at 06:40:30PM +0100, ri...@happyleptic.org wrote:
> I will probably say something very stupid, but HTML specs
> do not prevent a client from posting 1M values with the same name,
> so whatever your hash function you cannot do much, can you?

That's a feature.

> The simplest solution I can think of that prevents all attacks
> of this kind (but could reject some valid POST in theory) would
> be to store the bucket lengths and use them to detect and reject
> "obviously biased" insertions.

How do you define "obvious" and "biased"?

Sometimes, the distinction between feature and bug
depends on the context...
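
An added illustration of the exchange above (not part of the original message, and in Python rather than OCaml): a chained table that tracks bucket lengths and rejects an insert once a chain is full. The class name, the limit of 16 and both sample inputs are hypothetical and constructed for this example.

```python
import hashlib


class BucketLimitExceeded(Exception):
    """Raised when an insert would grow a chain past the configured limit."""


class GuardedMultiMap:
    """Chained hash table that keeps duplicate names, as a POST body may,
    and refuses an insert once the target bucket holds max_chain entries."""

    def __init__(self, n_buckets=1024, max_chain=16):
        self.buckets = [[] for _ in range(n_buckets)]
        self.max_chain = max_chain

    def _index(self, name):
        # SHA-256 stands in for a well-distributed hash (an assumption of
        # this example); the hash function is not the variable under study.
        digest = hashlib.sha256(name.encode()).digest()
        return int.from_bytes(digest[:8], "big") % len(self.buckets)

    def add(self, name, value):
        chain = self.buckets[self._index(name)]
        if len(chain) >= self.max_chain:
            raise BucketLimitExceeded(name)
        chain.append((name, value))

    def longest_chain(self):
        return max(len(chain) for chain in self.buckets)


def load(pairs, **kwargs):
    """Insert pairs until one is rejected; return (accepted, longest chain)."""
    table = GuardedMultiMap(**kwargs)
    accepted = 0
    for name, value in pairs:
        try:
            table.add(name, value)
        except BucketLimitExceeded:
            break
        accepted += 1
    return accepted, table.longest_chain()


# Constructed inputs: 1000 distinct field names, and one name repeated
# 1000 times, which the quoted message notes the HTML specs allow.
DISTINCT = [(f"field{i}", "x") for i in range(1000)]
SAME_NAME = [("choice", str(i)) for i in range(1000)]

if __name__ == "__main__":
    print("distinct names:", load(DISTINCT))
    print("one repeated name:", load(SAME_NAME))
```

The repeated-name input is cut off at the limit even though the hash is well distributed, so where the cutoff sits is a policy choice that depends on what the application considers a valid form.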

