From: <kl...@hy...> - 2004-03-12 16:07:43
|
I've had an email discussion with Alexey Shchepin where he is a bit displeased with how Yaws use list_to_atom Here is the discussion: ------------ >> (e.g. 3000 such requests with 500 key-value pairs is enough to >> make beam produce erl_crash.dump with "Slogan: no more index >> entries in atom_tab (max=1048576)") k> Yes I know, this has been an issue in the yaws mailing list many k> times. There are really no easy solutions to it. k> One (obvious solution) would be to use lists, that would make Yaws k> a tiny little bit slower though. k> So it's a choice beteen k> (a) abit slower, but resilient to _that_ dos attack k> (b) a bit faster but succeptible to _that_ dos attack (as well) k> I don't even know what I think is best, (a) or (b). Personally I prefer (a), because reliability is more important, and preformance degrade is very small (at least it seems to be small, there are more expensive operations like socket send/receive). BTW, would be interesting to make benchmark for these cases and compare results. :) Also application can pass a list of acceptable keys, and parsing function will call list_to_atom only on these keys. This will make parsing slightly slower, but further processing will be as in (b). --------------- I tend to agree. If we're to have Yaws servers running at real live sites, we can't have this. The downside of removing list_to_atom would also be that it's a backwards incompatible change. The output from parse_query/1 is a list of {Key, Val} where Key is an atom. So what do you all think, the next (1.42) release will have some other minor incompatibilies as well, so this would be a good time to do this backwards incompatible change ??? Remove all the list_to_atom/1 calls or believe in a friendly internet ? :-) /klacke -- Claes Wikstrom -- Caps lock is nowhere and http://www.hyber.org -- everything is under control |