Validate (limit) user-provided query parameters, e.g. lengths_age #97

Closed
michaelklishin opened this issue Dec 29, 2015 · 5 comments

@michaelklishin
Member

commented Dec 29, 2015

lengths_age and lengths_incr need to be validated and capped the same way page size is.

@michaelklishin michaelklishin assigned dcorbacho and essen and unassigned dcorbacho Jan 6, 2016

@michaelklishin michaelklishin added this to the 3.6.1 milestone Jan 12, 2016

@essen

Contributor

commented Jan 13, 2016

What max values should I put?

@essen

Contributor

commented Jan 13, 2016

Never mind that. If I understand right, you want to limit the number of records returned by queries that use those values, not limit the records themselves? I.e. if we request an hour of data with a sample by minutes that's 60, and perhaps we can have a hard limit of samples of 500 or something? Am I understanding right?

@michaelklishin

Member Author

commented Jan 13, 2016

Currently it is possible to enter an arbitrarily high number and potentially put a serious strain on the management node. We need to limit our exposure to that.

@essen

Contributor

commented Jan 13, 2016

Understood, I can reproduce (even did an OOM, oops). What I was saying in the previous comment should be at least a first step.

@michaelklishin

Member Author

commented Jan 18, 2016

Fixed in #106.
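
An added illustration of the check discussed in this thread, written in Python for this page; it is not the project's code and not the change made in #106. The `parse_range` helper, the `RangeError` type, the 500-sample cap (the figure floated above), the 10-digit input bound, the choice to reject rather than clamp, and reading both values as seconds are all assumptions.

```python
from urllib.parse import parse_qs

MAX_SAMPLES = 500  # assumed cap: the "500 or something" floated in the thread
MAX_DIGITS = 10    # assumed bound on the raw string, checked before int()


class RangeError(ValueError):
    """A range parameter is missing, malformed or too expensive to serve."""


def _positive_int(params, name):
    values = params.get(name, [])
    if len(values) != 1:  # absent, or repeated to confuse the parser
        raise RangeError(f"{name}: exactly one value required")
    raw = values[0]
    # ASCII digits only: rejects signs, floats, exponents, blanks, Unicode digits
    if not (raw.isascii() and raw.isdigit()) or len(raw) > MAX_DIGITS:
        raise RangeError(f"{name}: expected an integer of at most {MAX_DIGITS} digits")
    value = int(raw)
    if value == 0:  # a zero increment would also divide by zero below
        raise RangeError(f"{name}: must be greater than zero")
    return value


def parse_range(query_string, prefix="lengths"):
    """Return (age, incr, samples) or raise RangeError before any data is read."""
    params = parse_qs(query_string, keep_blank_values=True)
    age = _positive_int(params, f"{prefix}_age")
    incr = _positive_int(params, f"{prefix}_incr")
    samples = age // incr  # an hour sampled by the minute: 3600 // 60 == 60
    if not 1 <= samples <= MAX_SAMPLES:
        raise RangeError(f"{prefix}: {samples} samples requested, limit is {MAX_SAMPLES}")
    return age, incr, samples


if __name__ == "__main__":
    # Constructed query strings, not taken from the issue
    for qs in ("lengths_age=3600&lengths_incr=60",
               "lengths_age=3600&lengths_incr=1",
               "lengths_age=999999999999&lengths_incr=1",
               "lengths_age=3600&lengths_incr=0"):
        try:
            print(qs, "->", parse_range(qs))
        except RangeError as exc:
            print(qs, "-> rejected:", exc)
```

The cap is applied to the ratio of the two parameters rather than to either one alone, since that ratio is what determines how many samples the server has to build.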
