Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Your web server parses HTTP headers with a hash table? Might very well be exploitable.

That is why you shouldn't use hash tables in code that might (even potentially) become a target for DoS attacks.



You can have hash tables that cannot be targeted by DoS attacks.

You can use a family of hash functions and seed the hash table instance with a key.

The attacker won't be able to do make assumptions regarding collisions because he doesn't have access to the initial key.


This being universal hashing right? Is there an implementation of this?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: