Re: Sleep function query a big security hole?

Great! Thanks -Doug On Sun, Sep 27, 2015 at 9:28 AM, Ishan Chattopadhyaya < ichattopadhy...@gmail.com> wrote: > +1, I agree. Opened https://issues.apache.org/jira/browse/SOLR-8099 > Thanks, > Ishan > > On Sun, Sep 27, 2015 at 5:22 AM, Doug Turnbull < > dturnb...@opensourceconnections.com> wrote:

Re: Sleep function query a big security hole?

+1, I agree. Opened https://issues.apache.org/jira/browse/SOLR-8099 Thanks, Ishan On Sun, Sep 27, 2015 at 5:22 AM, Doug Turnbull < dturnb...@opensourceconnections.com> wrote: > Relevant code > > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.solr/solr-core/5.2.0/org/apache/solr/search

Re: Sleep function query a big security hole?

Relevant code http://grepcode.com/file/repo1.maven.org/maven2/org.apache.solr/solr-core/5.2.0/org/apache/solr/search/ValueSourceParser.java#126 On Saturday, September 26, 2015, Doug Turnbull < dturnb...@opensourceconnections.com> wrote: > I noticed a while back that "sleep" is a function query. W

Sleep function query a big security hole?

I noticed a while back that "sleep" is a function query. Which I believe means I can make the current query thread sleep for as long as I like. I'm guessing an attacker could use this to starve Solr of threads, running a denial of service attack by running multiple queries with sleeps in them. Is