> I'm not so sure of this now - unless, again, I misunderstand what we're
> counting.

It just occurred to me that I possibly do misunderstand what is counted
- if the proposal is to count collisions per lookup.

I rerun my scripts with that assumption and turns out the longest
collision chain I have is about 8. So in this case - if I'm
understanding it right now - my argument about limit is wrong and
collision chain length *is* like recursion.

In which case some limit like 1000 (just random number but can be
tested) would probably be OK. The question now is would it be enough to
block DoS? I.e. if we construct data to cause 999 collisions each time
to stay just under the limit, can we still cause trouble or not? It's
still almost 1000 times slower it's supposed to be...

P.S. Sorry for the confusion and the noise, I hope I got the proposed
solution right this time.
Stas Malyshev

PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to