On Fri, Feb 8, 2013 at 12:54 AM, Student Jr <lists / ruby-forum.com> wrote:
> Well, if you want me to be explicit, I can.
>
> Certainly if you accept arbitrary user input for parsing, you have an
> automatic DOS vector by dint of sending a very large packet.  Fine.
>
> But if someone can make a thousand connections, and over the course of
> the thousand connections PERMANENTLY chew up 100k of memory per
> connection, you start to have a problem of a very different sort.
>
> It is in that sense--the sense of a memory leak--that symbols are
> different in this regard.
>
> And before you come back with "don't do that", remember that the ability
> to create arbitrary objects is a prime feature of YAML.  There needs to
> be a way to scope that feature, and this is one option.

I'm running into something now with an API that converts XML to a
nested Hash with symbol keys via Savon. At some point, we're going to
be getting near 5000 items in these XML responses. It's not direly
problematic for this particular case, as this is something that gets
called infrequently at that rate, the XML is a response to a request
on our end (i.e. is not open to the wild wild internet), and is in a
self-contained job so it never permanently eats up memory, but it does
give me pause.
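
The scoping idea raised in this thread, as an added example that is not part of either message and not Savon's or YAML's own API: symbolize only an allowlist of expected keys in a parsed nested Hash and leave every other key as a String. `ALLOWED_KEYS`, the helper names and the sample response are assumptions constructed for illustration.

```ruby
require 'set'

# Hypothetical allowlist: the only key names this application expects.
ALLOWED_KEYS = Set.new(%w[items id name price]).freeze

# Recursively walk hashes and arrays. Keys on the allowlist become symbols;
# any other key stays a String, so untrusted input never mints a new symbol.
def scoped_symbolize(node, allowed, rejected)
  case node
  when Hash
    node.each_with_object({}) do |(key, value), out|
      name = key.to_s
      if allowed.include?(name)
        new_key = name.to_sym
      else
        rejected << name # remember it for logging or alerting
        new_key = name
      end
      out[new_key] = scoped_symbolize(value, allowed, rejected)
    end
  when Array
    node.map { |item| scoped_symbolize(item, allowed, rejected) }
  else
    node
  end
end

# Returns [converted_document, unique_unexpected_key_names].
def symbolize_untrusted(doc, allowed = ALLOWED_KEYS)
  rejected = []
  [scoped_symbolize(doc, allowed, rejected), rejected.uniq]
end

# Constructed sample: a parsed response with 5000 items, each carrying one
# unique, sender-chosen key name (the pattern that would grow the symbol table).
SAMPLE = {
  'items' => Array.new(5000) do |i|
    { 'id' => i, 'name' => "item#{i}", "x_attr_#{i}" => 'junk' }
  end
}.freeze

if __FILE__ == $PROGRAM_NAME
  _doc, unexpected = symbolize_untrusted(SAMPLE)
  puts "kept as strings: #{unexpected.size} unexpected key names"
end
```

A large count of unexpected key names is itself a useful signal to log, since a well-behaved peer should only ever send the expected ones.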