People are using Lua to serve web apps. I wonder if the performance hit is bad enough to lead to a DoS.
I think this came up and the consensus was that there are many other dos avenues, and the best solution is probably some sort of front end that filters stupid requests.
If I’m not mistaken, Bernstein had a talk about this exact issue at some point and also made up a strong hash for hashmaps to prevent DoS…
Switching out Lua’s hash algorithm would be a very localized change. It’s one of not particularly many languages that expects to get embedded in another codebase, with customizations.