SearchV2 DOS protection #3172
Comments
roman-khimov
added
config
|
What "iterations" means here? |
|
Keys evaluated as per primary index. |
|
So your suggestion does not allow to find (10K+1)th element ever? |
|
SV2 works with 1000 items returned along with the continuation token normally and this will still work for regular uses since there is just 1000 iterations per request. But if you have 6M objects in a container you can create a query for non-existing object and I don't want to scan 6M (or whatever per-node share of it) of entries to answer that. |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Is your feature request related to a problem? Please describe.
I'm always frustrated when I realize that specifically crafted SearchV2 requests can make the node spend a lot of CPU cycles for nothing. Normal requests that want to quickly find something are no longer a problem, but some other can be.
Describe the solution you'd like
Add an iteration limit to the SearchV2 implementation. If we're making like 10K iterations with no results we're done, internal error is returned. The parameter is node-specific with this 10K default.
Describe alternatives you've considered
Time limits, but they're harder to check.
Additional context
#3058
The text was updated successfully, but these errors were encountered: