[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5114) pcache cache results for searches that hit size/timelimit
ando@sys-net.it wrote:
> rhafer@suse.de wrote:
>> On Wednesday 29 August 2007 18:48, ando@sys-net.it wrote:
>>> rhafer@suse.de wrote:
>>>> But a malicous client can then just send requests with sizelimit 1. Those
>>>> query will get cached and the database is of no real use anymore (IMO).
>>> Well, in this case, the proxycache should either change the sizelimit
>>> (and the timelimit) to unlimited, and deal with client-requested limits
>>> locally,
>> This seems like the nicest approach to solve the problem. But seems to be a
>> bit more effort.
>
> I'd go this way, yes.
>
>> My suggest for a quick fix for this issue would be to just not cache queries
>> that return one off the _LIMIT_EXCEEDED error codes. Probably with checking
>> if it was a client-requested limit or a limit of the server side (in which
>> case we could probably cache the results).
>
> Then please make a clear statement in the code that it's a temporary
> workaround, so it is easier to spot and remove, eventually.
>
>>> or consider uncacheable those requests that specify a time or a
>>> size limit.
>> Well that would cause even those queries being uncachable that would not hit
>> the requested limit. If I understand you correctly.
>
> Right. Well, I understand if no limit was hit the request would become
> cacheable. In this case, the approach you suggest would be fine.
Of course the result size has to also fit within the cache's configured size
limit. We may want to add another type of negative caching record here for this
case "we already know the result set is too large, ignore the cache DB"...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/