5 Jan
2012
5 Jan
'12
9:50 p.m.
Kazu Yamamoto (山本和彦) wrote:
Hello guys,
As you may know, "Denial of Service through hash table multi-collisions" was disclosed:
http://permalink.gmane.org/gmane.comp.security.full-disclosure/83694
The hashable package is affected but not affected to Yesod suite. However, I guess we should provide size limitation of HTTP body on POST to Warp.
I disagree with limiting the size. I might be better to for the Warp application to consume the POST data in constant space. Erik -- ---------------------------------------------------------------------- Erik de Castro Lopo http://www.mega-nerd.com/