Browse thread
[Caml-list] How to secure an OCaml server
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | 2004-02-28 (20:20) |
| From: | Richard Jones <rich@a...> |
| Subject: | Re: [Caml-list] How to secure an OCaml server |
On Sat, Feb 28, 2004 at 08:41:13PM +0100, David MENTRE wrote: > Hello Thomas, > > Thomas Fischbacher <Thomas.Fischbacher@Physik.Uni-Muenchen.DE> writes: > > > Yes. Another interesting issue that frequently comes up in such situations > > is provoking hash collisions. > > Could you elaborate more on this? I don't understand about which hash > your are talking. This is a new type of vulnerability discovered fairly recently. With much webserver software written in Perl it is (was) possible to upload patterns of data which would cause degenerate cases in hashes. That's to say that the data would be chosen so that it all hashed into the same bucket in the hash. This would cause servers to perform O(n^2) operations, slowing them down and effectively creating a denial of service. There is some more information here: http://www.cs.rice.edu/~scrosby/hash/ Rich. -- Richard Jones. http://www.annexia.org/ http://www.j-london.com/ Merjis Ltd. http://www.merjis.com/ - improving website return on investment http://www.YouUnlimited.co.uk/ - management courses ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners