by martinkl
5109 days ago
Recent versions of Ruby also use a much better hash function. Java's hash function on strings has a slightly less trivial process for generating collisions, but it's still very easy to generate enough of them to pose a DoS risk. Edit: actually, Java's String.hashCode() has exactly the same problem — prepending null chars doesn't change the hash code. And because the hash function is actually part of the Java standard library docs, it will probably never be changed (unlike Ruby's).
http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-Ma...
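
Added example, not part of the comment above and not code from Java or Ruby: a Python re-implementation of the documented `String.hashCode()` polynomial, used to measure how keys that differ only in leading NUL characters fill one bucket, next to a keyed hash that spreads them. The 64-slot modulo table, the sample keys, and keyed BLAKE2b as the stand-in randomized hash are assumptions made for illustration.

```python
import hashlib
import os


def java_string_hash(s: str) -> int:
    """String.hashCode() as documented: s[0]*31^(n-1) + ... + s[n-1], int32."""
    data = s.encode("utf-16-be")  # Java strings are sequences of UTF-16 units
    h = 0
    for i in range(0, len(data), 2):
        unit = (data[i] << 8) | data[i + 1]
        h = (31 * h + unit) & 0xFFFFFFFF  # wrap like a Java int
    return h - (1 << 32) if h & 0x80000000 else h


def keyed_hash(s: str, key: bytes) -> int:
    """Stand-in randomized hash: BLAKE2b keyed with a per-process secret."""
    digest = hashlib.blake2b(s.encode("utf-8"), key=key, digest_size=8).digest()
    return int.from_bytes(digest, "big")


def bucket_counts(keys, hash_fn, n_buckets=64):
    """Number of keys per bucket in a simplified table of n_buckets slots."""
    counts = [0] * n_buckets
    for k in keys:
        counts[hash_fn(k) % n_buckets] += 1
    return counts


def worst_bucket(keys, hash_fn, n_buckets=64):
    """Length of the longest chain; lookups degrade toward this length."""
    return max(bucket_counts(keys, hash_fn, n_buckets))


# Constructed sample input: one name with 0..199 NUL characters prepended.
SAMPLE_KEYS = ["\0" * i + "session" for i in range(200)]

if __name__ == "__main__":
    secret = os.urandom(16)  # chosen once per process, never sent to clients
    codes = {java_string_hash(k) for k in SAMPLE_KEYS}
    print("distinct String.hashCode() values:", len(codes))
    print("worst bucket, String.hashCode():",
          worst_bucket(SAMPLE_KEYS, java_string_hash))
    print("worst bucket, keyed hash:",
          worst_bucket(SAMPLE_KEYS, lambda k: keyed_hash(k, secret)))
```
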