Message151063
>>> * the method would need to be implemented for all hashable Python types
>> It was already discussed, and it was said that only hash(str) need to
>> be modified.
>
> Really ? What about the much simpler attack on integer hash values ?
>
> You only have to send a specially crafted JSON dictionary with integer
> keys to a Python web server providing JSON interfaces in order to
> trigger the integer hash attack.
JSON objects are decoded as dicts with string keys, integers keys are
not possible.
>>> json.loads(json.dumps({1:2}))
{'1': 2} |
|
Date |
User |
Action |
Args |
2012-01-11 14:55:55 | Mark.Shannon | set | recipients:
+ Mark.Shannon, lemburg, gvanrossum, tim.peters, barry, georg.brandl, terry.reedy, jcea, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, Arach, Zhiping.Deng, Huzaifa.Sidhpurwala, PaulMcMillan |
2012-01-11 14:55:54 | Mark.Shannon | link | issue13703 messages |
2012-01-11 14:55:54 | Mark.Shannon | create | |
|