Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:89473
Return-Path: <thruska@cubiclesoft.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 62566 invoked from network); 27 Nov 2015 23:22:54 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Nov 2015 23:22:54 -0000
Authentication-Results: pb1.pair.com smtp.mail=thruska@cubiclesoft.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=thruska@cubiclesoft.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain cubiclesoft.com designates 74.208.222.236 as permitted sender)
X-PHP-List-Original-Sender: thruska@cubiclesoft.com
X-Host-Fingerprint: 74.208.222.236 u17593298.onlinehome-server.com  
Received: from [74.208.222.236] ([74.208.222.236:51538] helo=u17593298.onlinehome-server.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 66/6B-04444-EC5E8565 for <internals@lists.php.net>; Fri, 27 Nov 2015 18:22:54 -0500
Received: from [127.0.0.1] (localhost [127.0.0.1])	(Authenticated sender: thruska@cubiclesoft.com)	with ESMTPSA id 1052F202D9
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
References: <CAF+90c_pVFVbzqThuPg1V3VDTV-7Ci4O6T6hNtY5XPgVb2Mt-Q@mail.gmail.com>
 <CANUQDChV=WRM6WQiNBq4-9JrvwxF_NY5YbGj3-tvgsPgQbc_pg@mail.gmail.com>
 <CAF+90c9GNzszV-nKfzD=1SGLpJoAfNtok45p7sSQz9A5TqdAdg@mail.gmail.com>
 <56588DBA.9070209@cubiclesoft.com>
 <CAGa2bXY1hR6rwi+hX3ubSpM3-H7ruK5FAQ=KZemKZPHYfw6FdA@mail.gmail.com>
Cc: PHP internals <internals@lists.php.net>
Message-ID: <5658E5C6.8030206@cubiclesoft.com>
Date: Fri, 27 Nov 2015 16:22:46 -0700
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120327
 Thunderbird/11.0.1
MIME-Version: 1.0
In-Reply-To: <CAGa2bXY1hR6rwi+hX3ubSpM3-H7ruK5FAQ=KZemKZPHYfw6FdA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] HashDos protection
From: thruska@cubiclesoft.com (Thomas Hruska)

On 11/27/2015 2:21 PM, Yasuo Ohgaki wrote:
> Hi Thomas,
>
> In practice, we wouldn't have problems with max number of collisions.

Is CLI going to be or can CLI be excluded from max collisions?  After 
thinking about it for a long while, that's my only area of concern here. 
  SAPI can (fatal) error to its heart's content and I'll find ways to 
live with it.  But CLI needs stability guarantees.  'max_input_vars' 
didn't affect CLI.  However, max collisions could negatively affect CLI 
because the change affects all arrays instead of just the superglobals.

Real-world scenario:  About once every 4 to 6 months I will write a 
script to load up a single PHP array with a few million records.  Partly 
because I can and partly because I need to.  On CLI, especially for my 
one-off quick-n-dirty scripts, I don't care how much CPU, RAM, and other 
resources are used nor how much time it takes to complete.  I just care 
that the script finishes running successfully.  If the script reads in a 
record and attempts to add it to the array, the proposed max collisions 
might trigger a fatal error if it hits the max collision limit for 
arrays.  My experience is that CLI is silent about 50% of the time when 
it encounters a fatal error.  So my script would drop back to the prompt 
after spending many minutes to hours loading the data, not having done 
any work, and not emit any error(s).  I would think that it had 
completed successfully until I went to look at the results and the 
results I would be expecting to see wouldn't be there.

I abuse PHP arrays.  Especially on CLI.  Sorry.

-- 
Thomas Hruska
CubicleSoft President

I've got great, time saving software that you will find useful.

http://cubiclesoft.com/