Hi Stas, On Wed, Sep 21, 2016 at 11:26 AM, Stanislav Malyshev <[email protected]> wrote: > >> I think we are better to limit max collisions. >> I'm +1 for Nikita's proposal does this. > > Max collision per what? How much would be the limit?
Collision by keys. It would be nice to have configurable limit like regex stack/backtrack limit. That said, wouldn't 1000 enough for almost all apps? Anyway, we have two choices - Simply limit the number of collisions. (Fast and has no impact to code) - Use crypt safe hash and salt. (Slow and has impact to opcache/etc) Limiting something is good to have sometimes. Python even limits number of recursions to 1000 by default. We have PCRE stack/backtrack limits. (We'll have mbregex stack limit soon) Collision limit is good one also. Regards, -- Yasuo Ohgaki [email protected] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
