Hi! In invenio.conf there is a statement
## CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS -- in order to limit denial of ## service attacks the total number of records per group displayed as a ## result of a search query will be limited to this number. Only the ## superuser queries will not be affected by this limit. CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS = 200 This should effectively limit the number of hits returned to 200, except if I'm superuser. First of all: this works. However, if I check search engine code, there is also a parameter for rg to return _all_ records in a collection. This disregards any max settings, and I think it's existence is also sensible. But if I actually set it invenio does NOT check if I have any special rights, it seems. At least on our test system guest just happily dumped out 15.000 records in hb. It's sort of a bug-feature. In fact I was searching for such a possibility, or at least a way to get a larger chunk of data (you know those guys from the bibliometrics department always have funny ideas...) Nevertheless, a feeling tells me that this behaviour is not intended. I think, that dumping down a whole collection might be quite usefull. Even in http given one might use a format like hx, xe or other structured stuff for post processing. (Sure, probably a simple fetching loop is better.) But I think one should probably be able to limit it to a certain group of people or the like. Firerules come into mind, say "if user = bibliometryfreak and timeofday = 2:00-3:00am and requestingIP in range ...". Ah, Invenio 1.0.2 maint. -- Kind regards, Alexander Wagner Subject Specialist Central Library 52425 Juelich mail : [email protected] phone: +49 2461 61-1586 Fax : +49 2461 61-6103 www.fz-juelich.de/zb/DE/zb-fi ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------
