Relevant code http://grepcode.com/file/repo1.maven.org/maven2/org.apache.solr/solr-core/5.2.0/org/apache/solr/search/ValueSourceParser.java#126
On Saturday, September 26, 2015, Doug Turnbull < dturnb...@opensourceconnections.com> wrote: > I noticed a while back that "sleep" is a function query. Which I > believe means I can make the current query thread sleep for as long as I > like. > > I'm guessing an attacker could use this to starve Solr of threads, running > a denial of service attack by running multiple queries with sleeps in them. > > Is this a concern? I realize there may be test purposes to sleep a > function query, but I'm trying to think if there's really practical purpose > to having sleep here. > > Best, > -Doug > > > -- > *Doug Turnbull **| *Search Relevance Consultant | OpenSource Connections > <http://opensourceconnections.com>, LLC | 240.476.9983 > Author: Relevant Search <http://manning.com/turnbull> > This e-mail and all contents, including attachments, is considered to be > Company Confidential unless explicitly stated otherwise, regardless > of whether attachments are marked as such. > > -- *Doug Turnbull **| *Search Relevance Consultant | OpenSource Connections <http://opensourceconnections.com>, LLC | 240.476.9983 Author: Relevant Search <http://manning.com/turnbull> This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
