In Python 3.3 or earlier, creating a dict that contains certain carefully chosen values of the str, bytes, or datetime types can make the computation extremely expensive and put a heavy load on the CPU. A third party who abuses this can bring the service down.
To prevent this, you must add the `-R` option to the `python` command or set the environment variable `PYTHONHASHSEED=random`. [^1]
The description of the `-R` option in "1. Command Line and Environment — Python 3.3.6 Documentation" says:
In earlier versions of Python, this option enables hash randomization. This causes the `__hash__()` values of the str, bytes, and datetime types to be "salted" with an unpredictable random number. The hash value is fixed within each Python process, but it becomes a different, unpredictable value each time you rerun Python.
Hash randomization is provided as a defense against DoS attacks that supply carefully selected input values to trigger the worst-case dict construction cost, O(n^2). For details, see http://www.ocert.org/advisories/ocert-2011-003.html.
Python 3.3 and later perform hash randomization by default, but the options above remain for compatibility. Note that many people are probably still using the Python 2 series.
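As an added example (not code from the original post), the following check starts fresh interpreters under different `PYTHONHASHSEED` values and reports whether string hashes are actually unpredictable across processes. The helper names `probe`, `audit` and `is_safe` and the sample key are constructed for illustration; the integer seed case goes beyond the post, since `PYTHONHASHSEED` also accepts a fixed integer, which makes hashes repeatable.

```python
import os
import subprocess
import sys

# Child snippet: print the randomization flag and the hash of a constructed key.
_CHILD = ("import sys; "
          "print(sys.flags.hash_randomization, hash('constructed-sample-key'))")


def probe(seed):
    """Run a fresh interpreter with PYTHONHASHSEED=seed (None means unset).

    Returns (hash_randomization flag, hash of the sample key).
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)
    if seed is not None:
        env["PYTHONHASHSEED"] = seed
    out = subprocess.check_output([sys.executable, "-c", _CHILD], env=env)
    flag, value = out.decode().split()
    return int(flag), int(value)


def audit(seed, runs=3):
    """Observe several fresh processes and classify the setting."""
    results = [probe(seed) for _ in range(runs)]
    flags = {flag for flag, _ in results}
    hashes = {value for _, value in results}
    return {
        "flag_on": flags == {1},          # interpreter reports randomization
        "predictable": len(hashes) == 1,  # same hash in every process
    }


def is_safe(seed):
    """True only if hashes are salted and differ from process to process."""
    result = audit(seed)
    return result["flag_on"] and not result["predictable"]


if __name__ == "__main__":
    for seed in ("random", "0", "12345", None):
        print(repr(seed), audit(seed), "safe" if is_safe(seed) else "NOT safe")
```

A fixed integer seed still sets the interpreter's randomization flag, so a deployment check should compare hashes across processes instead of relying on `sys.flags.hash_randomization` alone.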
[^1]: "random" here does not mean "insert a random character string"; set the variable to the literal word `random`, exactly as written.