paragonie-scott / public-projects

Projects Scott is working on

JSON Hash-DOS Mitigation #4

Open paragonie-scott opened 7 years ago

paragonie-scott commented 7 years ago

Or, more specifically, a specification for creating strictly-typed objects out of JSON inputs, which uses SipHash-2-4 internally (with a per-request seed) to mitigate HashDOS incidentally.

Further reading: http://lukasmartinelli.ch/web/2014/11/17/php-dos-attack-revisited.html

kelunik commented 7 years ago

Limiting the number of object properties should be enough there.

paragonie-scott commented 7 years ago

I'm using SipHash anyway, that's already decided.

I can add optional limits on the number of properties/child objects, if that's desirable too.
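
The two measures discussed in this thread, shown as an added Python example (not code from the issue or from the project): object keys are bucketed with SipHash-2-4 under a per-request key, and each object is held to a property limit. The names `parse_request`, `lookup` and `new_request_key`, and the defaults `max_props=32` and `n_buckets=16`, are assumptions made for the illustration.

```python
import json
import os
import struct

MASK = 0xFFFFFFFFFFFFFFFF

def _rotl(x, b):
    return ((x << b) | (x >> (64 - b))) & MASK

def _sipround(v0, v1, v2, v3):
    v0 = (v0 + v1) & MASK; v1 = _rotl(v1, 13) ^ v0; v0 = _rotl(v0, 32)
    v2 = (v2 + v3) & MASK; v3 = _rotl(v3, 16) ^ v2
    v0 = (v0 + v3) & MASK; v3 = _rotl(v3, 21) ^ v0
    v2 = (v2 + v1) & MASK; v1 = _rotl(v1, 17) ^ v2; v2 = _rotl(v2, 32)
    return v0, v1, v2, v3

def siphash24(key, msg):
    """SipHash-2-4 of msg (bytes) under a 16-byte key; returns a 64-bit int."""
    k0, k1 = struct.unpack("<QQ", key)
    v0, v1 = k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D
    v2, v3 = k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573
    padded = msg + b"\x00" * (7 - len(msg) % 8) + bytes([len(msg) & 0xFF])  # last byte = length mod 256
    for (m,) in struct.iter_unpack("<Q", padded):
        v3 ^= m
        v0, v1, v2, v3 = _sipround(*_sipround(v0, v1, v2, v3))  # 2 compression rounds
        v0 ^= m
    v2 ^= 0xFF
    for _ in range(4):  # 4 finalization rounds
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    return v0 ^ v1 ^ v2 ^ v3

def new_request_key():
    return os.urandom(16)  # fresh 128-bit key for every request (assumed helper)

def _index(key, name, n):
    return siphash24(key, name.encode("utf-8", "surrogatepass")) % n

def parse_request(text, key, max_props=32, n_buckets=16):
    """Parse JSON; each object becomes a bucket table indexed by keyed SipHash."""
    def build(pairs):
        if len(pairs) > max_props:  # optional property cap from the thread
            raise ValueError("object exceeds property limit")
        table = [[] for _ in range(n_buckets)]
        for name, value in pairs:
            table[_index(key, name, n_buckets)].append((name, value))
        return table
    return json.loads(text, object_pairs_hook=build)

def lookup(table, key, name):
    return dict(table[_index(key, name, len(table))])[name]
```

Because the bucket index depends on a key the sender never sees, a set of property names chosen to collide under one key does not collide under the next request's key. The cap is applied after Python's decoder has collected an object's pairs, so it bounds the table work, not the decoder's own memory use.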