in reply to Re^2: hash collision DOS (CGI.pm protection)
in thread hash collision DOS
PodMaster is right. ->delete() comes too late. And even the $CGI::POST_MAX doesn't help much.
Imagine you have a file upload script. There you need to keep the $CGI::POST_MAX rather high so they may be able to post quite a few CGI parameters. And then even the creation of the hash that CGI.pm uses to store data may take a lot of time. And the grep and delete would only make the issue worse.
Always code as if the guy who ends up maintaining your code
will be a violent psychopath who knows where you live.
-- Rick Osborne
Edit by castaway: Closed small tag in signature