Good morning,
I hope everyone has seen the news about the Hash Table Vulnerability in lots of web scripting languages. You can read about it here: http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale or here: http://www.kb.cert.org/vuls/id/903934.

It looks like PHP has addressed the issue (http://www.php.net/archive/2011.php#id2011-12-25-1) by providing a max var directive in the latest RC5 for 5.4.0. However, as with all release candidates, they are strongly advising against using it in production.

What is the general consensus for mitigating this risk without moving to RC5? We are limiting the execution time of our scripts; however, for upload scripts or processing-intensive scripts we need to increase the execution time, which I imagine would leave those scripts more vulnerable.

Thanks,
Hans Kaspersetz
Cyber X Designs
http://cyberxdesigns.com
_______________________________________________
New York PHP Users Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/Show-Participation