On Wed, Sep 21, 2016 at 11:26 AM, Stanislav Malyshev
>> I think we had better limit max collisions.
>> I'm +1 for Nikita's proposal, which does this.
> Max collision per what? How much would be the limit?
Collision by keys.
It would be nice to have a configurable limit, like the regex stack/backtrack limit.
That said, wouldn't 1000 be enough for almost all apps?
Anyway, we have two choices:
- Simply limit the number of collisions. (Fast and has no impact on code)
- Use crypt safe hash and salt. (Slow and has an impact on opcache/etc)
Limiting something is good to have sometimes.
Python even limits the number of recursions to 1000 by default.
We have PCRE stack/backtrack limits. (We'll have an mbregex stack limit soon.)
A collision limit is a good one also.
PHP Internals - PHP Runtime Development Mailing List
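The first option in the message above (refuse an insert once one key has walked past a fixed number of colliding entries), sketched in C as an added example; it is not code from this thread or from PHP's source. The table layout, the names `table_set`, `fill` and `table_free`, and the keys are constructed for illustration; the limit of 1000 is the figure from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TABLE_SIZE     1024u  /* power of two: bucket index is key & mask */
#define MAX_COLLISIONS 1000u  /* the limit floated in the message above */

typedef struct entry { uint32_t key; int value; struct entry *next; } entry;
typedef struct { entry *buckets[TABLE_SIZE]; } table;

/* Insert or update. Returns 0 on success, -1 when the chain walk for this
 * key passes MAX_COLLISIONS non-matching entries (insert refused), and
 * -2 on allocation failure. */
int table_set(table *t, uint32_t key, int value)
{
    entry **slot = &t->buckets[key & (TABLE_SIZE - 1)];
    unsigned collisions = 0;
    for (entry *e = *slot; e != NULL; e = e->next) {
        if (e->key == key) { e->value = value; return 0; }
        if (++collisions > MAX_COLLISIONS) return -1;
    }
    entry *n = malloc(sizeof *n);
    if (n == NULL) return -2;
    n->key = key; n->value = value; n->next = *slot;
    *slot = n;
    return 0;
}

/* Constructed input: n keys spaced by stride. stride == TABLE_SIZE puts every
 * key in bucket 0; stride == 1 spreads them. Returns the number of inserts
 * accepted before the first refusal. */
unsigned fill(table *t, unsigned n, uint32_t stride)
{
    for (unsigned i = 0; i < n; i++)
        if (table_set(t, i * stride, (int)i) != 0) return i;
    return n;
}

void table_free(table *t)
{
    for (unsigned b = 0; b < TABLE_SIZE; b++)
        for (entry *e = t->buckets[b], *nx; e != NULL; e = nx) { nx = e->next; free(e); }
    free(t);
}

int main(void)
{
    table *bad = calloc(1, sizeof *bad), *ok = calloc(1, sizeof *ok);
    if (bad == NULL || ok == NULL) return 1;
    printf("colliding keys accepted: %u of 5000\n", fill(bad, 5000, TABLE_SIZE));
    printf("spread keys accepted:    %u of 5000\n", fill(ok, 5000, 1));
    table_free(bad); table_free(ok);
    return 0;
}
```

The check costs one counter increment per chain step and leaves the hash function unchanged, which is the "fast and has no impact on code" trade-off the message describes.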