[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Hash Table Collisions (n.runs-SA-2011.004)
- From: Rob Kendrick <rjek@...>
- Date: Tue, 3 Jan 2012 22:48:15 +0000
On Tue, Jan 03, 2012 at 10:30:59PM +0100, Ashwin Hirschi wrote:
>
> >This sort of attack is only an issue in a very narrow range of
> >applications, and the people developing those applications need to be
> >aware of the issue.
>
> Please check your calendar. We're writing 2012 and software that
> somehow interacts with/across the Internet is not considered to be
> in a "narrow range" (by any stretch of the imagination).
Almost none of my code written in Lua in the past decade would enter
directly into a long-life hash table anything provided by an untrusted
user. I'm sure I'm not alone.
B.