Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:89486 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 75823 invoked from network); 29 Nov 2015 20:49:45 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 29 Nov 2015 20:49:45 -0000 Authentication-Results: pb1.pair.com header.from=morrison.levi@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=morrison.levi@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.49 as permitted sender) X-PHP-List-Original-Sender: morrison.levi@gmail.com X-Host-Fingerprint: 209.85.213.49 mail-vk0-f49.google.com Received: from [209.85.213.49] ([209.85.213.49:34519] helo=mail-vk0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 8D/45-04444-8E46B565 for ; Sun, 29 Nov 2015 15:49:45 -0500 Received: by vkbs1 with SMTP id s1so91547796vkb.1 for ; Sun, 29 Nov 2015 12:49:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=XdfsllJ5c5THQpOa8dVv6g0XpUz47JK0B/Wb7Hxfykc=; b=vXSh4G4qOzVDhhWcU2DxIMnefxgSxj1h4VdcBlfybyM25wdiSjh/30wlRCYv8fA5To BLDl9g0qPV64U4i9gRw3GImvFD46q6DWTqI2SaYEPGEhLCqTllgXs4IC8pW/FPbv6Oe0 aiOF2MXA8oCleR10s0RF3vwi6LESokVFIB5eK8OqEp5opnNEFBrgikDXLtfWsVr2slbI iRLRE+6Al/enrWJE0F/HSoT/6TiFXvwxjP35uMfAtuOXedufaqmdYTHAhYxb3sOWVtYS VFC3B7uMjtkE1wY8k4MPCVLCDB/YWUwM1muGCj3N69F4OmKgMbWwCN/Z67KYsi/6jBVn pP0A== MIME-Version: 1.0 X-Received: by 10.31.149.75 with SMTP id x72mr50501600vkd.81.1448830181500; Sun, 29 Nov 2015 12:49:41 -0800 (PST) Sender: morrison.levi@gmail.com Received: by 10.31.191.75 with HTTP; Sun, 29 Nov 2015 12:49:41 -0800 (PST) In-Reply-To: References: Date: Sun, 29 Nov 2015 13:49:41 -0700 X-Google-Sender-Auth: dLqYanzIMnhzBTuMD9TcRzVdUIg Message-ID: To: Nikita Popov Cc: PHP internals , Anatol Belski , Remi Collet Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] HashDos protection From: levim@php.net (Levi Morrison) > 1. (Self-balancing binary trees). The idea here is that a balanced binary > tree has worst-case insertion time O(log N), while the linked list we > normally use has worst-case insertion time O(N). This means that the > worst-case execution time for N insertions into a hashtable goes from > O(N^2) to O(N log N), i.e. from catastrophic to "a few times slower than > usual". > > I don't think this solution is viable for PHP. Supporting binary trees ne= xt > to linked list collision resolution will make the hashtable implementatio= n > *a lot* more complicated -- and it isn't exactly simple as is. I have written self-balancing binary trees on multiple occasions. I know that we want to minimize complexity but if the complexity actually helps solve this issue I think it would be worth it. I assume you didn't create a proof of concept for this option =E2=80=93 is that correct? I think fataling because of collisions is a poor solution to this problem because fataling in some cases may contribute to a successful DOS attack (I do not think Aerys is the only piece of software that would be vulnerable to this). I am sure PHP is not the only language that has experienced pain with HashDos =E2=80=93 how have other languages handled it?