Mark Shannon <m...@hotpy.org> added the comment:
>>> * the method would need to be implemented for all hashable Python types
>> It was already discussed, and it was said that only hash(str) need to
>> be modified.
>
> Really ? What about the much simpler attack on integer hash values ?
>
> You only have to send a specially crafted JSON dictionary with integer
> keys to a Python web server providing JSON interfaces in order to
> trigger the integer hash attack.
JSON objects are decoded as dicts with string keys, integers keys are
not possible.
>>> json.loads(json.dumps({1:2}))
{'1': 2}
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
