Hi Arvids,

On Mon, May 11, 2015 at 8:01 PM, Arvids Godjuks <arvids.godj...@gmail.com> wrote:

> Hello, I have read through your blog post, and I agreed on the issue
> earlier, but I have a question that has bugged me for a while: what DoS issue are
> you talking about? I tried to imagine any scenario that can lead to a DoS
> with a type hint and can't think of any happening...

Too large a value raises typeException (Thanks Nikita).

DoS is easy on 32 bit CPU machines, but it's possible on 64 bit machines also. The simplest scenario would be client side DoS. Many IoT devices will remain 32 bits, and if it gets a result value larger than 2 billion, execution may be stopped suddenly by an unhandled exception. A library/framework that uses basic type hints may harm a system like this.

Some databases support unsigned INT8. Most databases support NUMERIC/DECIMAL, which can hold values larger than a signed 64 bit int. If an attacker finds a way to store a too large ID somewhere (e.g. as JSON/XML text that queries a database), then the system may use the value against type hinted functions/methods.

Without basic type hints, these concerns did not exist.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
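
The failure mode described in the message above, as an added example that is not part of the original post: an ID larger than the native int reaches an `int`-hinted function and raises an exception, and a range check at the input boundary rejects it first. It assumes released PHP 7 or later, where the exception is named `TypeError`; `loadUser`, `parseId` and the JSON payload are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical library function that uses a basic int type hint.
function loadUser(int $id): string
{
    return "user #$id";
}

// Hypothetical boundary check: returns a native int, or null when the value
// is not a positive integer that fits this build's int (32 or 64 bit).
function parseId($raw): ?int
{
    // FILTER_VALIDATE_INT returns false for non-integers and for values
    // outside PHP_INT_MIN..PHP_INT_MAX, so it adapts to the platform width.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample: the largest unsigned INT8 value, delivered as JSON text.
$payload = '{"id": 18446744073709551615}';

// JSON_BIGINT_AS_STRING keeps the digits exact instead of rounding to float.
$raw = json_decode($payload, true, 512, JSON_BIGINT_AS_STRING)['id'];

// Without validation the hinted call throws. If no caller catches it,
// the request or worker stops here.
try {
    echo loadUser($raw), "\n";
} catch (TypeError $e) {
    echo "unvalidated call raised ", get_class($e), "\n";
}

// With validation the oversized value is rejected as ordinary bad input.
$id = parseId($raw);
echo $id === null ? "rejected at input boundary" : loadUser($id), "\n";

// A value within range passes through unchanged.
echo loadUser(parseId('42')), "\n";
```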