2007/10/26, Simetrical <Simetrical+wikilist(a)gmail.com>om>:
Permitting anonymous users to scan the page table seems like a pretty
good DoS vector for whatever server is being sacrificed for this.
Okay, then we may set limit for max number of calls per hour for each
query. For example, we can allow to run
SELECT page_namespace FROM page WHERE page_title=? ORDER BY page_namespace
about 100 times per hour, but
SELECT page_title, page_namespace FROM page WHERE page_id=(SELECT
rev_page FROM rev WHERE rev_summary = ?)
only 10 times.
However, this solution has another side - someone may flood server
with requests to our query script thus preventing normal users to
access it.
About "anonymous users". We also can provide some kind of registration
for trusted users, which would be unaffected by the limits I proposed
above.