You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Ishan Chattopadhyaya (JIRA)" <ji...@apache.org> on 2015/09/27 15:26:04 UTC
[jira] [Created] (SOLR-8099) Remove sleep() function /
valuesourceparse
Ishan Chattopadhyaya created SOLR-8099:
------------------------------------------
Summary: Remove sleep() function / valuesourceparse
Key: SOLR-8099
URL: https://issues.apache.org/jira/browse/SOLR-8099
Project: Solr
Issue Type: Improvement
Reporter: Ishan Chattopadhyaya
Fix For: 5.4
As per Doug Turnbull, the sleep() represents a security risk.
{noformat}
I noticed a while back that "sleep" is a function query. Which I
believe means I can make the current query thread sleep for as long as I
like.
I'm guessing an attacker could use this to starve Solr of threads, running
a denial of service attack by running multiple queries with sleeps in them.
Is this a concern? I realize there may be test purposes to sleep a function
query, but I'm trying to think if there's really practical purpose to
having sleep here.
Best,
-Doug
{noformat}
This issue is to remove it, since it is neither documented publicly, nor used internally very much, apart from one test suite.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org