> On Dec 28, 4:47 pm, Jann Horn <[email protected]> wrote: >> Basically, because v8 uses weak hashes for objects, you can fill up >> one slot of the hashtable with many entries, e.g. using a POST >> containing a querystring with many keys with the same hash. Operating >> on those keys (inserting and reading) then becomes slow as hell which >> allows you to bring a nodejs server to 100% CPU usage for a long time >> (blocking the event loop completely) with one moderately large POST >> request. This is bad.
>> Those guys say they told Google October 18th, they got through to the >> v8 guys in November, and they said they don't care sooo much about DoS >> attacks on v8 because they're mainly interested in browserside stuff. Гугл не захотел фиксить хэши в v8, им все равно, как он в ноде работает. Очередная причина избегать джаваскрипт за пределами браузера :) -- Moscow.pm mailing list [email protected] | http://moscow.pm.org
