On 8/27/07, Yuri Astrakhan <yuriastrakhan(a)gmail.com> wrote:
Gregory, thanks for the warning. The toolserver will
not work for
this - its using MySQL 5, which optimizes everything very differently.
Plus it is using views instead of tables - again, there are some
optimization bugs associated with that. This really has to be on the
main wiki - this way we could even compare a large wiki vs a small
wiki query optimizations.
It probably wouldn't be a huge security risk to open up a slave to
this, but I don't expect it to happen anytime soon.
One solution would be to disable regex - most queries
don't need that.
Er, what? The query doesn't depend on regex:
mysql> EXPLAIN SELECT * FROM user WHERE user_name='Simetrical' AND
SUBSTRING(user_password, 1, 1) BETWEEN '8' AND 'f';
+----+-------------+-------+-------+---------------+-----------+---------+-------+------+-------+
| id | select_type | table | type | possible_keys | key |
key_len | ref | rows | Extra |
+----+-------------+-------+-------+---------------+-----------+---------+-------+------+-------+
| 1 | SIMPLE | user | const | user_name | user_name | 257
| const | 1 | |
+----+-------------+-------+-------+---------------+-----------+---------+-------+------+-------+
1 row in set (0.00 sec)
mysql> EXPLAIN SELECT * FROM user WHERE user_name='Simetrical' AND
SUBSTRING(user_password, 1, 1) BETWEEN '8' AND 'f';
+----+-------------+-------+-------+---------------+-----------+---------+-------+------+-------+
| id | select_type | table | type | possible_keys | key |
key_len | ref | rows | Extra |
+----+-------------+-------+-------+---------------+-----------+---------+-------+------+-------+
| 1 | SIMPLE | user | const | user_name | user_name | 257
| const | 1 | |
+----+-------------+-------+-------+---------------+-----------+---------+-------+------+-------+
1 row in set (0.00 sec)
You could do the same thing like LIKE, or with any number of other
string functions.
I guess we can make a list of prohibited
fields/tables.
The only feasible option.