Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Still trying to understand the attack? (Score 1) 156

by CBravo (#38531758) Attached to: Microsoft Issuing Unusual Out-of-Band Security Update
And the 7.0 commit message says something like

...
if (paramHashValues.containsKey(key)) {
values = paramHashValues.get(key);
} else {
values = new ArrayList(1);
paramHashValues.put(key, values);
}
values.ensureCapacity(values.size() + newValues.length);
for (String newValue : newValues) {
values.add(newValue);
}

which means that if a hash-collision is detected the values are added to the valueset (instead of modifying the hash algorithm).

Comment Re:Still trying to understand the attack? (Score 1) 156

by CBravo (#38531456) Attached to: Microsoft Issuing Unusual Out-of-Band Security Update
The actual release note says:

Improve performance of parameter processing for GET and POST requests. Also add an option to limit the maximum number of parameters processed per request. This defaults to 10000. Excessive parameters are ignored. Note that FailedRequestFilter can be used to reject the request if some parameters were ignored. (markt/kkolinko)

Comment Re:Mod parent up! (Score 1) 360

by CBravo (#38366850) Attached to: Ask Slashdot: How To Get Non-Developers To Send Meaningful Bug Reports?
I have it POST to a system which filters every exception to a category (with sql statements per category). Depending on the category I have a warn / alert threshold set in Munin. If a service operations issue happens (table X is marked as crashed) I notice in 5 minutes, PEBKACs have a high threshold. I know it before they call.

Slashdot Top Deals

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde

Close