On 1/18/2012 9:52 AM, "Martin v. Löwis" wrote:
I've been seriously considering implementing a balanced tree inside
the dict (again for string-only dicts, as ordering can't be guaranteed
otherwise). However, this would be a lot of code for a security fix.
It *would* solve the issue for good, though.

To handle keys containing non-orderable keys along with strings, which are equally vulnerable to string-only keys, especially if the non-string components can have fixed values during an attack, you could simply use their hash value as an orderable proxy for the non-orderable key components.
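The ordered collision chain discussed in this message, with hash values standing in for non-orderable key components, as an added sketch that is not code from the thread or from CPython. A sorted list searched by bisection stands in for the balanced tree, so only the comparison count is representative. The names `proxy`, `OrderedBucket` and `demo` are hypothetical.

```python
def proxy(key):
    """Orderable stand-in for a key: str components compare as themselves,
    every other component is represented by its hash value."""
    parts = key if isinstance(key, tuple) else (key,)
    # The 0/1 tag keeps a str from ever being compared with an int.
    return tuple((0, p) if isinstance(p, str) else (1, hash(p)) for p in parts)

class OrderedBucket:
    """One collision chain, kept sorted by proxy() and searched by bisection."""
    def __init__(self):
        self._proxies = []  # sorted proxy(key) values
        self._items = []    # parallel list of (key, value)
        self.steps = 0      # proxy comparisons made by the last lookup

    def _find(self, key):
        p, lo, hi = proxy(key), 0, len(self._proxies)
        self.steps = 0
        while lo < hi:  # binary search for the first proxy >= p
            mid = (lo + hi) // 2
            self.steps += 1
            lo, hi = (mid + 1, hi) if self._proxies[mid] < p else (lo, mid)
        # Distinct keys can share a proxy (equal hashes), so walk the tied run.
        i = lo
        while i < len(self._proxies) and self._proxies[i] == p:
            if self._items[i][0] == key:
                return i, True
            i += 1
        return lo, False

    def set(self, key, value):
        i, found = self._find(key)
        if found:
            self._items[i] = (key, value)
        else:
            self._proxies.insert(i, proxy(key))
            self._items.insert(i, (key, value))

    def get(self, key):
        i, found = self._find(key)
        if not found:
            raise KeyError(key)
        return self._items[i][1]

def demo(n=1024):
    # Constructed worst case: n mixed (str, None) keys forced into one chain.
    bucket = OrderedBucket()
    for i in range(n):
        bucket.set((f"k{i:04d}", None), i)
    return bucket.get(("k0512", None)), bucket.steps
```

Keys whose non-string components have equal hashes still tie under the proxy, which is why the lookup finishes with an equality scan over the tied run.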