Re: Maximum results to return from query



Olav Vitters wrote:
> Searching for a bug can produce lots of results. Some queries can
> return all the bugs in the database. The script has a very idiotic way
> to protect against such queries (nothing after the ? in the URL or just
> buglist.cgi).
> 
> A Java program was requesting:
>   http://bugzilla.gnome.org/buglist.cgi?bug_id=
> This caused buglist.cgi to retrieve all bugs. I've blocked his IP &
> changed buglist.cgi to reject the above query, but the Java program already
> had 3 buglist.cgi processes running on window, each consuming lots of
> processor time (20min) & memory (180MB+).
> 
> Ideally buglist.cgi should contain a better detection of such queries.
> 
> Another way would be to limit the number of bugs in the SQL. This isn't
> perfect as the Java process would still return lots of results, but it
> is easy to implement. This is what I want to do now.
> 
> My question: What is the maximum number of bugs you would ever want to
> see as a query result? I'm guessing 2000.

What about setting a smallish limit for anonymous users, and allowing
much larger (or unlimited) queries for logged-in users? That way if
someone abuses it you'll be able to restrict them based not only on
their current IP, but their entire account (and even other IPs they've
been logged in from before)?

Zack
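
The two ideas in this thread (reject queries whose parameters are all empty, such as `bug_id=`, and cap result rows by whether the user is logged in) combined in one sketch. This is an added example, not part of the original messages and not Bugzilla's code: `run_buglist`, the `bugs` table layout, the column allowlist and the anonymous cap of 200 are assumptions, and 2000 is the figure guessed in the quoted message.

```python
import sqlite3
from urllib.parse import parse_qsl

# Assumed caps: 2000 is the number floated in the thread, 200 is illustrative.
LIMITS = {"anonymous": 200, "logged_in": 2000}
ALLOWED = {"bug_id", "status"}  # hypothetical allowlist of searchable columns

def effective_criteria(query_string):
    """Keep only parameters with a non-empty value.

    'bug_id=' parses to an empty string, so it is dropped here rather than
    counted as a search criterion.
    """
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return [(k, v.strip()) for k, v in pairs if v.strip()]

def run_buglist(conn, query_string, logged_in):
    """Hypothetical handler: refuse criteria-free queries, cap all others."""
    criteria = effective_criteria(query_string)
    if not criteria:
        raise ValueError("query has no search criteria")
    clauses, params = [], []
    for key, value in criteria:
        if key not in ALLOWED:
            raise ValueError(f"unsupported parameter: {key}")
        clauses.append(f"{key} = ?")  # key is allowlisted, value is bound
        params.append(value)
    cap = LIMITS["logged_in" if logged_in else "anonymous"]
    sql = ("SELECT bug_id FROM bugs WHERE " + " AND ".join(clauses)
           + " ORDER BY bug_id LIMIT ?")
    # Ask for cap + 1 rows so truncation can be reported to the caller.
    rows = conn.execute(sql, params + [cap + 1]).fetchall()
    return [r[0] for r in rows[:cap]], len(rows) > cap

def demo_db(n=3000):
    """Constructed sample data: n bugs with status NEW, in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bugs (bug_id INTEGER PRIMARY KEY, status TEXT)")
    conn.executemany("INSERT INTO bugs VALUES (?, ?)",
                     [(i, "NEW") for i in range(1, n + 1)])
    return conn

if __name__ == "__main__":
    db = demo_db()
    ids, truncated = run_buglist(db, "status=NEW", logged_in=False)
    print(len(ids), truncated)
```

The cap bounds the work done per request; the truncation flag lets the page tell the user that more bugs matched than were returned.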


