If the language does not provide a randomized hash function or the application server does not recognize attacks using multi-collisions, an attacker can degenerate the hash table by sending lots of colliding keys. The algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request. This workaround limits the number of GET, POST and cookie parameters to a reasonable maximum of 100 key/value pairs per request, reducing the effectiveness of such attacks. Normal web applications should not need to process more than 100 parameters per request, but this limit can be changed by setting Request.MAX_PARAMS to a different value. Some links: https://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/ http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html http://www.nruns.com/_downloads/advisory28122011.pdf
…ascii unicode strings.
Thanks to Bender Rodriges and John R. Isidore
Thanks to Brian Wickman
…exceptions raised by a dynamically loaded application, plugin or server adapter.
…g other than the system default raised UnicodeError.