On Tue, Jan 24, 2012 at 12:17 AM, Stefan Behnel <stefan...@behnel.de> wrote: > Chris Angelico, 24.01.2012 05:47: >> Lua and Pike both quite happily solved hash collision attacks in their >> interning of strings by randomizing the hash used, because there's no >> way to rely on it. Presumably (based on the intern() docs) Python can >> do the same, if you explicitly intern your strings first. Is it worth >> recommending that people do this with anything that is >> client-provided, and then simply randomize the intern() hash? > > If you want to encourage them to fill up their memory with user provided > data in a non-erasable way,
Actually, quoth intern()'s docs: "Interned strings are not immortal; you must keep a reference to the return value of intern() around to benefit from it." Cheers, Chris -- http://mail.python.org/mailman/listinfo/python-list
