Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:89463 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 22011 invoked from network); 27 Nov 2015 13:00:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Nov 2015 13:00:37 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.221 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.221 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.221] ([81.169.146.221:16031] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E7/76-04444-3F358565 for ; Fri, 27 Nov 2015 08:00:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1448629232; l=2423; s=domk; d=kelunik.com; h=Content-Type:Cc:To:From:Subject:Date:References:In-Reply-To: MIME-Version; bh=48IlTlAJdpZre7qSov07YTT09qvQcvpFUkUC/zAMKMQ=; b=SvzIGtdAxtKxfp1IJxfdxk5z9eKAdJoJkbPZbN2KqRfGZRXiylF2GolE0g1tkSPE9+N AKy5Li6wITEZc7w+C1sofmllcmoj38MMbZ64ZhTWlNUbppg+MAl30bbo0MJ3R3/rDH1Gs 5OZlGQgBbOEqvMK0LHGOo/YgyrIqYWh4Af4= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLGvomb4bl9EfHtO3Y6 X-RZG-CLASS-ID: mo00 Received: from mail-wm0-f45.google.com ([74.125.82.45]) by smtp.strato.de (RZmta 37.14 AUTH) with ESMTPSA id N02cberARD0WAur (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for ; Fri, 27 Nov 2015 14:00:32 +0100 (CET) Received: by wmec201 with SMTP id c201so69562707wme.0 for ; Fri, 27 Nov 2015 05:00:31 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.194.185.42 with SMTP id ez10mr63985477wjc.82.1448629231990; Fri, 27 Nov 2015 05:00:31 -0800 (PST) Received: by 10.194.22.5 with HTTP; Fri, 27 Nov 2015 05:00:31 -0800 (PST) In-Reply-To: References: Date: Fri, 27 Nov 2015 14:00:31 +0100 X-Gmail-Original-Message-ID: Message-ID: To: Yasuo Ohgaki Cc: Nikita Popov , PHP internals , Anatol Belski , Remi Collet Content-Type: multipart/alternative; boundary=047d7b874b32c8c7b405258546ad Subject: Re: [PHP-DEV] HashDos protection From: me@kelunik.com (Niklas Keller) --047d7b874b32c8c7b405258546ad Content-Type: text/plain; charset=UTF-8 Currently it's not catchable, that's my main concern. If it's catchable, it's not that much of a problem. Regards, Niklas 2015-11-27 10:05 GMT+01:00 Yasuo Ohgaki : > Hi Nikita, > > On Fri, Nov 27, 2015 at 2:24 AM, Nikita Popov > wrote: > > What are your thoughts on this? > > Great! This is exactly what I was thinking. > I prefer collision counting rather than slower hash function. > > Hardcoded collision max (1000) seems ok for me. > Catchable fatal error, at least E_RECOVERABLE_ERROR, is preferred, IMHO. > > Regards, > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --047d7b874b32c8c7b405258546ad--