English version
Accueil     À propos     Téléchargement     Ressources     Contactez-nous    

Ce site est rarement mis à jour. Pour les informations les plus récentes, rendez-vous sur le nouveau site OCaml à l'adresse ocaml.org.

Browse thread
[Caml-list] How to secure an OCaml server
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: 2004-02-28 (20:20)
From: Richard Jones <rich@a...>
Subject: Re: [Caml-list] How to secure an OCaml server
On Sat, Feb 28, 2004 at 08:41:13PM +0100, David MENTRE wrote:
> Hello Thomas,
> Thomas Fischbacher <Thomas.Fischbacher@Physik.Uni-Muenchen.DE> writes:
> > Yes. Another interesting issue that frequently comes up in such situations 
> > is provoking hash collisions.
> Could you elaborate more on this? I don't understand about which hash
> your are talking.

This is a new type of vulnerability discovered fairly recently.  With
much webserver software written in Perl it is (was) possible to upload
patterns of data which would cause degenerate cases in hashes.  That's
to say that the data would be chosen so that it all hashed into the
same bucket in the hash.  This would cause servers to perform O(n^2)
operations, slowing them down and effectively creating a denial of

There is some more information here:



Richard Jones. http://www.annexia.org/ http://www.j-london.com/
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
http://www.YouUnlimited.co.uk/ - management courses

To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners