Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

DOS attack with hash collisions (Perl rulez)

by LanX (Chancellor)
on Dec 29, 2011 at 16:28 UTC ( #945526=perlquestion: print w/replies, xml ) Need Help??
LanX has asked for the wisdom of the Perl Monks concerning the following question:

Hi

Germany's biggest online-newspaper puplished today that most webservers are vulnerable because of hash-collisions in web-languages.

Since they didn't mention Perl, I did some investigation finding this publication

http://www.nruns.com/_downloads/advisory28122011.pdf

So Perl already fixed this in 2003 and the authors used this knowledge to attack the other languages ... xD

see also hash collision DOS

I remember that this issue was mentioned somewhere in the perldocs (IMHO regarding the unpredictable order of storing hash-values)...

Question: Can someone help me find the corresponding perldocs?

Cheers Rolf

  • Comment on DOS attack with hash collisions (Perl rulez)

Replies are listed 'Best First'.
Re: DOS attack with hash collisions (Perl rulez)
by RedElk (Hermit) on Dec 29, 2011 at 17:05 UTC

    This what you are looking for?

      Exactly! Thanks! :)

      Cheers Rolf

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://945526]
Approved by ikegami
Front-paged by Arunbear
help
Chatterbox?
[james28909]: I have a problem I am trying to solve. I am packaging scripts using pdk and would like the verify the executable name each time it is executed
[Corion]: Hi James!
[james28909]: I looked through the docs, and see that PerlApp::exe() is suppose to return this information but whenever i try to use this, i get the error "Undefined subroutine &PerlApp::exe called"
[james28909]: i just want to verify the integrity of the executables name each time it is run.
[Corion]: Weird. this documentation says what you say.
[Corion]: I assume you are experiencing this with your packaged program. Maybe also include PerlApp.pm in the packaging list?
[james28909]: has anyone else run into this problem? i have tried searching but have not returned many results
[james28909]: ah, good idea.
[Corion]: What does print $PerlApp::VERSION output?

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (13)
As of 2017-07-28 13:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I came, I saw, I ...
























    Results (429 votes). Check out past polls.