Re: [PHP-DEV] HashDoS

Hi Stas, On Wed, Sep 21, 2016 at 11:26 AM, Stanislav Malyshev wrote: > >> I think we are better to limit max collisions. >> I'm +1 for Nikita's proposal does this. > > Max collision per what? How much would be the limit? Collision by keys. It would be nice to have configurable limit like regex

Re: [PHP-DEV] HashDoS

Hi! > I think we are better to limit max collisions. > I'm +1 for Nikita's proposal does this. Max collision per what? How much would be the limit? -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] HashDoS

Hi! > - Do you think your proposed strategy can solve this problem entirely > without dropping djb3? > - Would randomization still help as a defense-in-depth? Note that to avoid problems with opcache we can only randomize on initial boot (even then synchronizing among different processes sharing

[PHP-DEV] Editing the wiki

Login: simplesamples Real Name: Sam Hobbs I intend to improve the following article: PHP: internals:windows:stepbystepbuild https://wiki.php.net/internals/windows/stepbystepbuild -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] HashDoS

On Sat, Sep 17, 2016 at 6:35 PM, Yasuo Ohgaki wrote: > Hi all, > > On Sat, Sep 17, 2016 at 5:13 PM, Stanislav Malyshev > wrote: > >> Significant degradation? > >> > >> SipHash 1-3 is almost as fast as HashDoS-vulnerable hash > >> functions: https://github.com/funny-falcon/funny_hash > > > > I se

[PHP-DEV] Re: HashDoS

On 9/15/16 2:48 PM, Scott Arciszewski wrote: Would the Internals team be open to discussing mitigating HashDoS in a future version of PHP? i.e. everywhere, even for json_decode() and friends, by fixing the problem rather than capping the maximum number of input parameters and hoping it's good en

Re: [PHP-DEV] HashDoS

On 9/16/16 1:59 AM, Thomas Hruska wrote: If anyone wants a VERY rough estimate of relative performance degradation as a result of switching to SipHash, here's a somewhat naive C++ implementation of a similar data structure to that found in PHP: https://github.com/cubiclesoft/cross-platform-cpp

Re: [PHP-DEV] Do You think PHP's SOAP client should have an option to virtuallyAdd (for XSD imports!) missing end-slash in the URI to WSDL? I do!

I think it should not. Your pull request fixes a problem in that WSDL. The WSDL is located at the URL `https://pg.eet.cz/eet/services/EETServiceSOAP/v3?wsdl`. It references an XML Schema file at `EETXMLSchema.xsd`, which is a relative location, so it's looked for relative to the containing docu

Re: [PHP-DEV] RFC: Strict comparisons

On 19 September 2016 14:04:48 BST, Vesa Kaihlavirta wrote: >My idea is to add a strict_comparisons declaration that you can add at >the >beginning of a file in the same way as strict_types. The effect would >be >that all normal comparisons would make a type check before doing the >actual >comparis

[PHP-DEV] Call for help, bug #73087

Hello, PHP Developers, It seems there is no maintainer for some time for PDO Firebird package. We found a bug, made a test case for one long time bug memory corruption and leaks. More details here: https://bugs.php.net/bug.php?id=73087 It is related to old one, from 2012 hard to reproduce: https:/

[PHP-DEV] BAD Benchmark Results for PHP Master 2016-09-20

Results for project PHP master, build date 2016-09-20 06:24:38+03:00 commit: dc59aaf previous commit:fa5dda4 revision date: 2016-09-20 01:38:28+02:00 environment:Haswell-EP cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2, LLC 45 MB

[PHP-DEV] Do You think PHP's SOAP client should have an option to virtuallyAdd (for XSD imports!) missing end-slash in the URI to WSDL? I do!

Hello to all PHP developers! If You are interested how we could improve SOAPClient a bit, please, see my last comment here to understand my *WHYs*. :-) *https://github.com/php/php-src/pull/2121 * This pull request is in no way complete. It

[PHP-DEV] PHP wiki

Hello. My name is Ivan and my username on PHP wiki is paalomnik. I am software engineer in company, which specialized on PHP projects.