Thanks for pointing this out! This one hadn't crossed my radar screen yet. It sounds particularly nasty.

Peter

On Dec 30, 2011, at 9:59 AM, Yitzchak Schaffer wrote:

> Hi all,
>
> In case y'all haven't heard, there's this mega-evil hash table DDoS
> domesday thing? Right. The NY PHP list pointed out that the problem can
> be handled deftly on PHP servers by using the Suhosin extension (not the
> patch) with the suhosin.request.max_vars setting (default should work).
>
> http://www.hardened-php.net/suhosin/
>
> More on this issue:
> http://seclists.org/fulldisclosure/2011/Dec/486

--
Peter Murray
Assistant Director, Technology Services Development
LYRASIS
+1 678-235-2955
1438 West Peachtree Street NW
Suite 200
Atlanta, GA 30309
Toll Free: 800.999.8558
Fax: 404.892.7879
www.lyrasis.org
LYRASIS: Great Libraries. Strong Communities. Innovative Answers.