Great! Thanks -Doug
On Sun, Sep 27, 2015 at 9:28 AM, Ishan Chattopadhyaya < ichattopadhy...@gmail.com> wrote: > +1, I agree. Opened https://issues.apache.org/jira/browse/SOLR-8099 > Thanks, > Ishan > > On Sun, Sep 27, 2015 at 5:22 AM, Doug Turnbull < > dturnb...@opensourceconnections.com> wrote: > > > Relevant code > > > > > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.solr/solr-core/5.2.0/org/apache/solr/search/ValueSourceParser.java#126 > > > > On Saturday, September 26, 2015, Doug Turnbull < > > dturnb...@opensourceconnections.com> wrote: > > > > > I noticed a while back that "sleep" is a function query. Which I > > > believe means I can make the current query thread sleep for as long as > I > > > like. > > > > > > I'm guessing an attacker could use this to starve Solr of threads, > > running > > > a denial of service attack by running multiple queries with sleeps in > > them. > > > > > > Is this a concern? I realize there may be test purposes to sleep a > > > function query, but I'm trying to think if there's really practical > > purpose > > > to having sleep here. > > > > > > Best, > > > -Doug > > > > > > > > > -- > > > *Doug Turnbull **| *Search Relevance Consultant | OpenSource > Connections > > > <http://opensourceconnections.com>, LLC | 240.476.9983 > > > Author: Relevant Search <http://manning.com/turnbull> > > > This e-mail and all contents, including attachments, is considered to > be > > > Company Confidential unless explicitly stated otherwise, regardless > > > of whether attachments are marked as such. > > > > > > > > > > -- > > *Doug Turnbull **| *Search Relevance Consultant | OpenSource Connections > > <http://opensourceconnections.com>, LLC | 240.476.9983 > > Author: Relevant Search <http://manning.com/turnbull> > > This e-mail and all contents, including attachments, is considered to be > > Company Confidential unless explicitly stated otherwise, regardless > > of whether attachments are marked as such. > > > -- *Doug Turnbull **| *Search Relevance Consultant | OpenSource Connections <http://opensourceconnections.com>, LLC | 240.476.9983 Author: Relevant Search <http://manning.com/turnbull> This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
