| << Back to previous view |
|
[QB-783] Limit number of query results via RESTful API for normal users
|
|
| Status: | Resolved |
| Project: | QuickBuild |
| Component/s: | None |
| Affects Version/s: | 3.1.15 |
| Fix Version/s: | 3.1.16 |
| Type: | Improvement | Priority: | Major |
| Reporter: | Robin Shen | Assigned To: | Robin Shen |
| Resolution: | Fixed | Votes: | 1 |
| Remaining Estimate: | Unknown | Time Spent: | Unknown |
| Original Estimate: | Unknown | ||
| Description |
|
We encountered a problem today. One of our users tried the query /rest/builds via REST API. The result is that it completely blocked the server as we have thousands of builds. We verified this in both QB 2.1 and 3.1.
First, /rest/builds shouldn't be available past certain limit. Moreover, our concern is that any of our users can actually produce a denial of service on our server by doing heavy queries. Could you please set a reasonable limit on the query above and any other that does heavy loading of data? |
| Comments |
| Comment by Robin Shen [ 09/Jan/11 07:45 AM ] |
| Non-admin users are now only allowed to search up to 25 builds per query. Other queries will not consume too many server resources. |