lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Goetz <br...@quiotix.com>
Subject RE: [Bug 12137] New: - Can '*' or '?' symbol be used as the first character of a search?
Date Wed, 28 Aug 2002 22:03:12 GMT

>But I also think that this feature should be implemented by a search 
>engine, so that it is easily accessible.  Even if it is not 
>programmatically difficult to manually build the query, most beginners are 
>going to use the parser, and then ask the question why doesn't this 
>work.  The prospect of building the query manually will sound difficult, 
>and may discourage them from using Lucene.
>
>So, if it can be implemented in such a way that you only take the 
>performance hit when you put the wildcard as the first letter, I would 
>like to see that implemented.

This is a sensible-sounding argument, but contains some hidden assumptions 
about your user base which can lead to very bad results in general.

Lets call a LUCENE DEVELOPER someone who understands the internals of 
Lucene.  (Such as me.)
We'll call an APP DEVELOPER someone who uses Lucene to build an 
application.  He understands the general issues involved in search and 
retrieval.  (Such as you.)
We'll call an APP USER someone who doesn't know anything about Java, 
Lucene, programming, or anything, but knows how to use Google.

You are saying "I'm a savvy APP DEVELOPER, I know that certain search 
patterns are expensive, but why should I be precluded from using 
them?  I'll be careful, and if I screw up, its my problem."

That statement might be true if the universe of users of your app included 
only APP DEVELOPERS.  But the query parser is explicitly designed for APP 
USERS.  They don't know that certain classes of queries are much more 
expensive.  They don't even know what "expensive" means in this 
context.  So a user enters "*" into a search box, and it takes a really 
long time to run.  Maybe they assume something got hung up somwhere, and 
they open _another_ browser window, and enter the same search.  Now some 
random user has innocently created a DoS attack on your system.

The Query Parser is a convenience for making common search options 
available to APP USERS.  As such, it _must_ be designed with the assumption 
that the end user is an APP USER, not an APP DEVELOPER.

Your users are smarter than this?  Great!  Build your queries with the 
query constructors.  They're not hard to use.  But just because your users 
are smart enough to use a chainsaw without cutting off their legs, doesn't 
mean that we should hand out chainsaws to APP USERS all over the world.



--
Brian Goetz
Quiotix Corporation
brian@quiotix.com           Tel: 650-843-1300            Fax: 650-324-8032

http://www.quiotix.com


--
To unsubscribe, e-mail:   <mailto:lucene-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:lucene-dev-help@jakarta.apache.org>


Mime
View raw message