[
https://issues.apache.org/jira/browse/SOLR-534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12832351#action_12832351
]
Walter Underwood commented on SOLR-534:
---------------------------------------
-1
This adds a denial of service vulnerability to Solr. One query can use lots of
CPU or memory, or even crash the server.
This could also take out an entire distributed system.
If this is added, we MUST add a config option to disable it.
Let's take this back to the mailing list and find out why they believe all
results are needed.There must be a better way to solve this.
> Return all query results with parameter rows=-1
> -----------------------------------------------
>
> Key: SOLR-534
> URL: https://issues.apache.org/jira/browse/SOLR-534
> Project: Solr
> Issue Type: New Feature
> Components: search
> Affects Versions: 1.3
> Environment: Tomcat 5.5
> Reporter: Lars Kotthoff
> Priority: Minor
> Attachments: solr-all-results.patch
>
>
> The searcher should return all results matching a query when the parameter
> rows=-1 is given.
> I know that it is a bad idea to do this in general, but as it explicitly
> requires a special parameter, people using this feature will be aware of what
> they are doing. The main use case for this feature is probably debugging, but
> in some cases one might actually need to retrieve all results because they
> e.g. are to be merged with results from different sources.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
