Awesome. Thanks Alan. I had seen other places that keywords were not garbage collected. I should have just read the source.
On Wed, Jan 16, 2013 at 2:18 PM, Alan Malloy <a...@malloys.org> wrote: > Keywords are garbage-collected if no references to them exist. I think > this is as of Clojure 1.3, but I'm not sure exactly; perhaps it's always > been true. You can see it easily enough at > https://github.com/clojure/clojure/blob/master/src/jvm/clojure/lang/Keyword.java#L32 > - > there's a map from symbols to *references* to keywords, not keywords > themselves. Those (weak) references make the keywords themselves eligible > for GC. > > > On Wednesday, January 16, 2013 9:51:59 AM UTC-8, Tony Pitluga wrote: >> >> From what I have read about keywords in Clojure, it does not seem like >> they are garbage collected. The keyword params middleware seems to convert >> user input into keywords. Putting two and two together, it seems like you >> could DoS any server using this middleware by sending large amounts of >> random strings as params. Eventually exhausting the memory of the JVM. >> >> This is a common security vulnerability in the Ruby world with converting >> user input strings to symbols. Am I missing something here? >> >> Thanks, >> Tony >> > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
