user-pic

demerphq

  • About: Perl core hacker, Principal Dev and Fellow at Booking.com. You can blame me for hash randomization, and for much of the new regex syntax since 5.10.
  • Commented on Are Restricted/Locked Hashes A Failed Experiment?
    I'm just restating the question to see if anyone thinks it should be a standard part of the hash api....
  • Commented on Are Restricted/Locked Hashes A Failed Experiment?
    Yes indeed. That is my line of thinking too. So i guess a refined version of my question is: should ALL hashes support locking, or would it be sufficient to have a bespoke lockable hash to use with fields.pm...
  • Posted Are Restricted/Locked Hashes A Failed Experiment? to demerphq

    Some time back we added support to Perl for locked or restricted hashes. (See Hash::Util and fields.pm). The basic idea is that you can set up a hash, and then "lock" it, at which point access to unregistered keys in the hash, either write OR read, will cause an exception.

    The basic idea w…

  • Commented on Send in a Perl aref to C, get back a Perl array (and using the generated XS)
    Your XS code will be more efficient if you bypass Inline::C and use XS directly. On the other hand, the strategy you outlined is a good way to learn XS in the first place. Also, there are modules out there...
  • Commented on Three Sort Functions
    Most of these sort functions should not be used directly, but instead should be recoded to use the Shwarzian Transform, or the Guttman Rosler Transform. Here is an example of a complex sort function that is used in perl core...
  • Commented on Statistics for perl hash tables
    Dont worry about Reini's crazier ideas like sorting things by their hash number. That will never ever ever happen. Its a patently ridiculous idea, completely insecure, and nonsensical....
  • Commented on Statistics for perl hash tables
    Also I should mention you compared against CityHash, which as far as I know is broken in that you can construct a multi-collision attack (what I call a key extension attack above). https://131002.net/siphash/#at https://131002.net/siphash/citycollisions-20120730.tar.gz...
  • Commented on Statistics for perl hash tables
    I'd like to clear a couple of things up. First, regarding the hash security changes, we have not published the key discovery attack on the ONE_AT_A_TIME_OLD function, and we have not disclosed the full attack key set I calculated to...
  • Commented on And the fastest OO accessor is...
    Quote from tsee (he cant log in right now - adjectives altered to make sense in context here): Wrong conclusion. Faster than a raw hash? Only if you plan to do parameter validation. Seriously, if you do, pick another language...
Subscribe to feed Recent Actions from demerphq

  • Jon Jensen commented on Are Restricted/Locked Hashes A Failed Experiment?

    I've used restricted hashes in a few ecommerce situations where they were indispensable, exactly as important and useful as `use strict` for making sure lexical accesses aren't typos.

    I don't have any opinion about whether restricted hashes should be part of all hash types -- I think I'd be fine using a special hashlike object since I haven't used them a lot. But in the cases I've needed them, they were really, really helpful.

  • Andreas Koenig commented on Are Restricted/Locked Hashes A Failed Experiment?

    kid51: short example

    % perl -le '
    use Getopt::Long;
    use Hash::Util qw(lock_keys);
    lock_keys %Opt, qw(mrg);
    GetOptions(\%Opt, "mrg=i") or die;
    if ($Opt{mgr}){
    print "INT=$Opt{mrg}";
    }
    '
    Attempt to access disallowed key 'mgr' in a restricted hash at -e line 6.

    An example that combines with Pod::Usage:
    http://repo.or.cz/cpan-testers-parsereport.git/blob/HEAD:/bin/ctgetreports

  • Mikko Koivunalho commented on Are Restricted/Locked Hashes A Failed Experiment?

    For me lock_keys is a typo checker, also but not limited for production code, also but not limited for blessed hashed.

  • Toby Inkster commented on Are Restricted/Locked Hashes A Failed Experiment?

    Locked hashes are great, but if the implementation is slowing down all hashes, then I agree they should no longer be built in, and should be moved to a module

    That said, I think it's an important enough feature that this module should be bundled with Perl, so that people relying on fields.pm (which was first released with Perl 5.5) and Hash::Util (Perl 5.8) won't need to install anything extra.

  • Alceu Rodrigues de Freitas Junior commented on Are Restricted/Locked Hashes A Failed Experiment?

    I have used Hash::Utils more than once, specially in OOP projects that I was using "default" OOP model of Perl (not Moose or anything like that).
    On the other hand, I usually don't start using it from scratch, usually when things starts to getting more complex and bugs starts to appear it is a sign that I should consider using it.
    It is good to be have options... sometimes you need flexibility (like expanding a…

Subscribe to feed Responses to Comments from demerphq

About blogs.perl.org

blogs.perl.org is a common blogging platform for the Perl community. Written in Perl and offering the modern features you’ve come to expect in blog platforms, the site is hosted by Dave Cross and Aaron Crane, with a design donated by Six Apart, Ltd.