On Thu, Dec 29, 2011 at 12:10 PM, Paul McMillan <[email protected]> wrote:
...
>> That seems like a simpler workaround than arch upgrade or replacing
>> dict implementation.
>
> This problem has nothing to do with slowloris.
>
> Replacing dict implementation prevents an attacker from producing keys
> which are intentionally n^2 hard for dictionary operations.

Sure, I understand these are 2 different attack vectors.  I just meant
that putting a proxy in front is a general solution that isn't
invasive to app code.  It seems that this crafted-hash-collision
vector doesn't have a clean answer like that.  There are workarounds,
but they may not apply to particular codebases.
