lucene-solr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Walter Underwood (JIRA)" <>
Subject [jira] Commented: (SOLR-534) Return all query results with parameter rows=-1
Date Thu, 11 Feb 2010 01:46:29 GMT


Walter Underwood commented on SOLR-534:


This adds a denial of service vulnerability to Solr. One query can use lots of CPU or memory,
or even crash the server.

This could also take out an entire distributed system.

If this is added, we MUST add a config option to disable it.

Let's take this back to the mailing list and find out why they believe all results are needed.There
must be a better way to solve this.

> Return all query results with parameter rows=-1
> -----------------------------------------------
>                 Key: SOLR-534
>                 URL:
>             Project: Solr
>          Issue Type: New Feature
>          Components: search
>    Affects Versions: 1.3
>         Environment: Tomcat 5.5
>            Reporter: Lars Kotthoff
>            Priority: Minor
>         Attachments: solr-all-results.patch
> The searcher should return all results matching a query when the parameter rows=-1 is
> I know that it is a bad idea to do this in general, but as it explicitly requires a special
parameter, people using this feature will be aware of what they are doing. The main use case
for this feature is probably debugging, but in some cases one might actually need to retrieve
all results because they e.g. are to be merged with results from different sources.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message