On Sun, 10 Sept 2023 at 16:37, David Bailey <d...@dbailey.co.uk> wrote:
>
> On 07/09/2023 00:07, Oscar Benjamin wrote:
> > Hi all,
> >
> > I have a new blog post following the last one:
> > https://oscarbenjamin.github.io/blog/czi/post2.html
> >
> > This one discusses SymPy's polynomial system, improvements that can be
> > made and in particular how to make use of python-flint to speed up
> > polynomial operations in SymPy.
> >
> > --
> > Oscar
> >
> Many thanks for that Oscar,
>
> For me, it started out easy, but went above my head at some point -
> which is probably ideal for learning something new.
>
> I was amazed that converting an integer to a decimal string could cause
> a denial of service problem. Is that because it is used for public key
> encryption (RSA or similar), or just because a server processing
> mathematical problems online might be crashed in this way?

The worry is that you might have say a website where a user clicks on
some buttons and that sends some data to a server like

    {
        username: david
        bonus_points: 100000000000000000
    }

Then the server would parse the data like

    bonus_points = int(data['bonus_points'])  # convert the string to an integer

Then if an attacker sends many requests with long strings for
bonus_points the slow calls to int() might lock up the server. Of
course the server code could do something like:

    if len(balance_string) > 100:
        return Error("Absurd balance")
    balance = int(balance_string)

The CPython folks decided that there were likely to be too many places
in too many codebases that used int() without considering this problem
and so it was not practical to fix them all.

--
Oscar
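
Added example (not part of the message above, and not SymPy or CPython code): the length check from the reply written out as a validator for the bonus_points field, plus a probe for whether the running interpreter itself refuses oversized int() strings through its sys.get_int_max_str_digits limit. The names parse_bonus_points, FieldError and interpreter_limit_active are made up for this example, and the sample request is constructed; the 100-character cap is the one from the reply's snippet.

```python
import sys

MAX_DIGITS = 100  # same cap as the len(...) > 100 check in the reply


class FieldError(ValueError):
    """A numeric request field was rejected."""


def parse_bonus_points(data, max_digits=MAX_DIGITS):
    """Validate data['bonus_points'] before handing it to int()."""
    raw = data.get("bonus_points")
    if not isinstance(raw, str):
        raise FieldError("bonus_points missing or not a string")
    # len() is O(1); int() on a decimal string is superlinear in its
    # length, so the cap must be enforced before any conversion work.
    if len(raw) > max_digits:
        raise FieldError("bonus_points too long")
    # int() also accepts signs, underscores, whitespace and non-ASCII
    # digits; a points field needs none of them.
    if not (raw.isascii() and raw.isdigit()):
        raise FieldError("bonus_points must be ASCII decimal digits")
    return int(raw)


def interpreter_limit_active(digits=10_000):
    """True if this interpreter itself refuses int() on `digits` digits."""
    getter = getattr(sys, "get_int_max_str_digits", None)
    if getter is None:
        return False  # interpreter predates the limit
    limit = getter()
    if limit == 0 or limit >= digits:
        return False  # limit disabled or raised above the probe size
    try:
        int("9" * digits)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample request, mirroring the one in the reply.
    print(parse_bonus_points({"bonus_points": "100000000000000000"}))
    print("interpreter limit active:", interpreter_limit_active())
```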