Semi-closing a hole
Posted Apr 12, 2012 8:15 UTC (Thu) by man_ls (guest, #15091)
In reply to: Semi-closing a hole by corbet
Parent article: Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3 security release
I would assume that Python web servers are already prepared to deal with unexpected exceptions anywhere in the process: a simple try...except at the bottom of the request processing chain would be enough.
Perhaps my solution was too naïve, and a cleverer algorithm is required. The original LWN article back from January provided some interesting comments, besides a quickly escalating flame war about sorting algorithms. One of them was "change the hash function at run time if any of the hash chains exceeds a specified length". Or "switch to a balanced binary tree".
The downside would be that DoS prevention would be delegated to code which is seldom used, and which is therefore prone to breaking. But in these days of automated testing this problem could be easily managed by CPython devs. IMHO anything would be better than deferring the decision to the person running the code!
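The "change the hash function at run time if any of the hash chains exceeds a specified length" idea quoted in the comment above, as an added sketch that is not part of the comment and is not CPython's implementation. The `ReseedingTable` class, the byte-sum weak hash and the use of keyed BLAKE2b as the replacement hash are all assumptions chosen for illustration.

```python
import hashlib
import itertools
import os

class ReseedingTable:
    """Chained hash table that re-keys its hash when a chain grows too long."""

    def __init__(self, nbuckets=64, max_chain=8):
        self.buckets = [[] for _ in range(nbuckets)]
        self.max_chain = max_chain
        self.key = None      # None: fast but predictable hash in use
        self.reseeds = 0

    def _index(self, k, n):
        data = k.encode()
        if self.key is None:
            # Toy weak hash: only the byte sum matters, so anagrams collide.
            return sum(data) % n
        # Keyed hash with a per-table secret; stand-in for a randomized hash.
        digest = hashlib.blake2b(data, key=self.key, digest_size=8).digest()
        return int.from_bytes(digest, "big") % n

    def put(self, k, v):
        chain = self.buckets[self._index(k, len(self.buckets))]
        for i, (existing, _) in enumerate(chain):
            if existing == k:
                chain[i] = (k, v)
                return
        chain.append((k, v))
        if len(chain) > self.max_chain:
            self._reseed()

    def _reseed(self):
        # Pick a fresh secret, double the table and redistribute every entry.
        items = [kv for chain in self.buckets for kv in chain]
        self.key = os.urandom(16)
        self.reseeds += 1
        n = len(self.buckets) * 2
        self.buckets = [[] for _ in range(n)]
        for k, v in items:
            self.buckets[self._index(k, n)].append((k, v))

    def get(self, k):
        chain = self.buckets[self._index(k, len(self.buckets))]
        return next(v for existing, v in chain if existing == k)

    def longest_chain(self):
        return max(len(chain) for chain in self.buckets)

# Constructed input: 200 anagrams, all colliding under the weak hash.
KEYS = ["".join(p) for p in itertools.islice(itertools.permutations("abcdefgh"), 200)]
```

With `max_chain` set high enough that the guard never fires, all 200 constructed keys end up in one bucket; with the default limit the table re-keys on the ninth colliding insert and the keys spread out again.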
