On Wed, Oct 08, 2003 at 05:05:55PM -0400, Kevin Old wrote: > Hello everyone, > > I've seen several references on the Perl5 Porters mailing list about > Perl 5.8.1's hash randomization. Can someone explain actually what it > is, why I'd want to use it and how to use it?
Perl has never guaranteed the order of hashes, that is the order in which the results of keys() or values() or each() will be returned. However, it has always been the case that the ordering was at least consistent for a particular version of perl if the hash was populated consistently. This knowledge could be expoited to launch a Denial of Service Attack (Algorithmic Complexity Attack) and so, primarily for security reasons, the ordering within the hash now really is random, every time you examine the hash. You don't need to do anything to get this behaviour. From 5.8.1 it is the default behaviour - security should be the default. You may find that if you have mistakenly made assumptions about the ordering of hashes that your programs will start to fail. This is really a bug in your program that will need to be fixed. If this is not an option you want to pursue you can also turn off the hash randomisation either for a particular run of your program, or you can completely disable the behaviour at compile time. > I've not seen it discussed on any of the major perl sites, just in the > weekly perl5-porters summary. For more information perldoc perl581delta. -- Paul Johnson - [EMAIL PROTECTED] http://www.pjcj.net -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
