Hi Flavius, On 01/17/2010 05:23 PM, Flavius Olaru wrote: > Hi, > > I've done a installation on my localhost (Windows XP machine) of XE > 2.1.1, Tomcat 6 and MySQL 5.1. > After this i wrote a bad hql query and executed it which brought MySQL > to spyke the CPU usage to 100% and even more rendering both the > localhost and database unusable. > > {{velocity}} > #set($badhql = ", BaseObject obj, StringProperty stringprop, > LargeStringProperty largestringprop where (doc.name like '%$text%' or > doc.content like '%$text%') or (obj.name=doc.fullName and > stringprop.id.id=obj.id and stringprop.value like '%$text%') or > (obj.name=doc.fullName and largestringprop.id.id=obj.id and > largestringprop.value like '%$text%')")
as we already discussed (but logging here for posterity), I don't see why this would be called a "bad hql". It highly depends on the specific instance, the data in it, etc. Any query which is 'good' on one instance can be 'bad' on another one. Also, the responsiveness / unresponsiveness of the server depends on the configuration of the machine, but I agree that there can be queries & instances that would render any machine (build with current technologies) unusable. I personally prefer to be able to write whatever I want, even if it renders the machine unusable, I needed it in some situations and I prefer this to _not_ be enforced: if I want a query to take longer, I should be able to do it and setup my own safety nets (warn user, etc). After all, it's an application platform and the application developers are (anyway, should be, in an ideal world) responsible of what they're writing. > #set($ok = $list.addAll(0, $xwiki.searchDocuments("$badhql"))) > > {{include document="XWiki.Results"/}} > {{/velocity}} > > The bad thing is that $xwiki.searchDocuments brought me to this state > (no programming rights.). If there would be a possibility to allow 'bad queries' only for programming APIs (considering that all other calls should be "safe"), then this could be a decent middle way, otherwise I'm for no limits. > Now my question is: Are there any remedies against this? MySQL > configuration statements that prevent this kind of behaviour? as Oana was remarking earlier in a conversation, the settings could be done on database server side, regardless of xwiki, and depending on what your specific needs on an instance are. Thanks, Anca > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users