[Caml-list] How to secure an OCaml server
Date: -- (:)
From: Richard Jones <rich@a...>
Subject: Re: [Caml-list] How to secure an OCaml server
On Sat, Feb 28, 2004 at 08:41:13PM +0100, David MENTRE wrote:
> Hello Thomas,
> 
> Thomas Fischbacher <Thomas.Fischbacher@Physik.Uni-Muenchen.DE> writes:
> 
> > Yes. Another interesting issue that frequently comes up in such situations 
> > is provoking hash collisions.
> 
> Could you elaborate more on this? I don't understand about which hash
> you are talking.

This is a new type of vulnerability discovered fairly recently.  With
much webserver software written in Perl it is (was) possible to upload
patterns of data which would cause degenerate cases in hashes.  That's
to say that the data would be chosen so that it all hashed into the
same bucket in the hash.  This would cause servers to perform O(n^2)
operations, slowing them down and effectively creating a denial of
service.

There is some more information here:

http://www.cs.rice.edu/~scrosby/hash/

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://www.j-london.com/
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
http://www.YouUnlimited.co.uk/ - management courses
