Re: Re^2: hash collision DOS (CGI.pm protection)


Do you know where your variables are?
	PerlMonks

Re: Re^2: hash collision DOS (CGI.pm protection)

by Jenda (Abbot)

on Jun 03, 2003 at 10:36 UTC ( [id://262618]=note: print w/replies, xml )

Need Help??

in reply to Re^2: hash collision DOS (CGI.pm protection)
in thread hash collision DOS

PodMaster is right. ->delete() comes too late. And even the $CGI::POST_MAX doesn't help much.

Imagine you have a file upload script. There you need to keep the $CGI::POST_MAX rather high so they may be able to post quite a few CGI parameters. And then even the creation of the hash that CGI.pm uses to store data may take a lot of time. And the grep and delete would only make the issue worse.

Jenda
Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.
-- Rick Osborne

Edit by castaway: Closed small tag in signature

Comment on Re: Re^2: hash collision DOS (CGI.pm protection) Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://262618]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others studying the Monastery: (5)

As of 2024-04-25 10:24 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found