Details
- Type: New Feature
- Status: Open
- Priority: P3
- Resolution: Unresolved
- CP: Non-roadmap backlog
- Core: Platform
Description
We've had warnings for some time, but since they are not relayed back to the client, this has not prevented slow queries from popping up.
This would also allow an endpoint to return the list of valid indexes and the relations allowed on them.
Since users can query arbitrary fields and thus cause RMB-based modules to perform a sequential scan, this is a very easy denial-of-service attack to carry out. The Inventory front-end has a "Query search" slot where the user can enter any CQL: https://folio-snapshot.aws.indexdata.com/inventory?qindex=querySearch&sort=Title
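As an added example (not code from this issue or from RMB), the check the description asks for: validate a CQL query against an allowlist of indexed fields and relations and return the supported alternatives so they can be relayed to the client instead of only logging a warning. The allowlist is constructed here and stands in for what a module would derive from its schema.json; the sortBy handling and relation modifiers go slightly beyond what the description mentions.

```python
import re

# Constructed allowlist: CQL index name -> relations a database index actually backs.
# Anything outside it would force the sequential scan the issue describes.
SUPPORTED_INDEXES = {
    "title": {"=", "==", "adj", "all", "any", "sortBy"},
    "hrid": {"=", "=="},
    "contributors.name": {"=", "adj"},
    "id": {"=="},
}

BOOLEANS = {"and", "or", "not", "prox"}
SYMBOL_RELATIONS = {"=", "==", "<>", "<", ">", "<=", ">="}
WORD_RELATIONS = {"adj", "all", "any", "within", "exact"}
# Tokens: quoted term, parenthesis, symbolic relation with /modifiers, or a bare word.
TOKEN_RE = re.compile(r'"(?:[^"\\]|\\.)*"|[()]|[<>=]+(?:/[\w.]+)*|[^\s()"<>=]+')


def is_relation(token):
    base = token.split("/")[0]
    return base in SYMBOL_RELATIONS or base.lower() in WORD_RELATIONS


def index_relation_pairs(cql):
    """Return the (index, relation) pairs a CQL query uses; relations keep their
    /modifiers. Bare terms without an index (server default index) are skipped."""
    parts = re.split(r"\bsortBy\b", cql, maxsplit=1, flags=re.I)
    tokens = TOKEN_RE.findall(parts[0])
    pairs = []
    for i in range(len(tokens) - 2):
        index, relation = tokens[i], tokens[i + 1]
        if (is_relation(relation) and not is_relation(index)
                and index.lower() not in BOOLEANS and index[0] not in '"()'):
            pairs.append((index, relation))
    # Sort keys also need an index; report them with the pseudo-relation "sortBy".
    for field in (parts[1].split() if len(parts) > 1 else []):
        pairs.append((field.split("/")[0], "sortBy"))
    return pairs


def validate(cql, supported=SUPPORTED_INDEXES):
    """Return (ok, problems). Each problem names the offending index or relation and
    lists what is supported, so the server can send it back to the client."""
    problems = []
    for index, relation in index_relation_pairs(cql):
        allowed = supported.get(index)
        if allowed is None:
            problems.append(f"unsupported index '{index}'; supported indexes: {sorted(supported)}")
        elif relation.split("/")[0] not in allowed:
            problems.append(f"relation '{relation}' on '{index}' has no index; supported: {sorted(allowed)}")
    return not problems, problems
```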
Issue Links
- relates to FOLIO-2563 SPIKE: propose prevention of DoS via CQL query (Closed)
- relates to FOLIO-2524 Security Audit raised issues (Open)
- relates to FOLIO-2573 Paused due to POC of Elastic Search. All Search Options Should be Supported by a Database Index (Closed)
- relates to RMB-533 Performance: Fix lower/f_unaccent usage by checking all 5 index types (Closed)
- relates to RMB-791 Explain scheme.json / Report supported CQL (Open)