rhafer@suse.de wrote:
On Wednesday 29 August 2007 18:48, ando@sys-net.it wrote:
rhafer@suse.de wrote:
But a malicous client can then just send requests with sizelimit 1. Those
query will get cached and the database is of no real use anymore (IMO).
Well, in this case, the proxycache should either change the sizelimit
(and the timelimit) to unlimited, and deal with client-requested limits
locally,
This seems like the nicest approach to solve the problem. But seems to be a
bit more effort.
I'd go this way, yes.
My suggest for a quick fix for this issue would be to just not cache queries
that return one off the _LIMIT_EXCEEDED error codes. Probably with checking
if it was a client-requested limit or a limit of the server side (in which
case we could probably cache the results).
Then please make a clear statement in the code that it's a temporary
workaround, so it is easier to spot and remove, eventually.
or consider uncacheable those requests that specify a time or a
size limit.
Well that would cause even those queries being uncachable that would not hit
the requested limit. If I understand you correctly.
Right. Well, I understand if no limit was hit the request would become
cacheable. In this case, the approach you suggest would be fine.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------