Mark Dickinson <dicki...@gmail.com> added the comment:
> I also wonder if there's security implication for servers that process > user-submitted input Yes, the "malicious actor" scenario is another one to consider. But unlike the string hashing attack, I'm not seeing a realistic way for the nan hash collisions to be used in attacks, and I'm content not to worry about that until someone gives an actual proof of concept. Many of Python's hash functions are fairly predictable (by design!) and there are already lots of other ways to deliberately construct lots of hash collisions with non-string non-float values. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue43475> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
