[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: some thoughts on indexing (Was: Some openldap fixes... (fwd))

peter wrote:
> On Wed, Sep 20, 2000 at 11:12:02AM -0700, Kurt D. Zeilenga wrote:
> > I also plan to implement some additional administrative limits:
> >       1) return error to client if number of candidates
> >       exceeds a limit (before testing)
> would break LDAP specs i think,..
> allthough,.. there are a few fuzzy errors one could abuse for
> this purpose, like: LDAP_UNWILLING_TO_PERFORM
> why though ?

Preventing the denial-of-service attack that consists in making
requests with filters mentioning standard (and thus, likely to
be supported) but of little use (and thus, unlikely to be indexed)
attribute types.  For instance, '(teletexTerminalIdentifier=*)'.

Without care, that triggers a sequential database trip.