2007/10/26, Simetrical Simetrical+wikilist@gmail.com:
Permitting anonymous users to scan the page table seems like a pretty good DoS vector for whatever server is being sacrificed for this.
Okay, then we may set limit for max number of calls per hour for each query. For example, we can allow to run SELECT page_namespace FROM page WHERE page_title=? ORDER BY page_namespace about 100 times per hour, but SELECT page_title, page_namespace FROM page WHERE page_id=(SELECT rev_page FROM rev WHERE rev_summary = ?) only 10 times.
However, this solution has another side - someone may flood server with requests to our query script thus preventing normal users to access it.
About "anonymous users". We also can provide some kind of registration for trusted users, which would be unaffected by the limits I proposed above.