Closed c0rydoras closed 1 month ago
Quick question: how will this be used? As you note yourself, this may cause performance problems, not only for malicious queries (which I think we can neglect here) but also for regular users who don't know when a RE query will cause the DB to break down.
@winged https://github.com/adfinis/timed/issues/29 describes that
Thanks! Still a small explanation in the PR (and commit message!) won't hurt, along with a link in the original comment to the issue. Just to make things easier when we need to dig for reasons in 5 years
I switched to Postgres full text search instead of regex; this should make it so that ReDoS is no longer an issue, and it's probably more user friendly for nontechnical users :)
I much prefer the FTS search! However, this will need an appropriate index on the `comment` field, otherwise it's gonna be rather slow, as it needs a full table scan each time, same as the regex lookup would have.
Here's how you can do that: https://docs.djangoproject.com/en/5.0/ref/contrib/postgres/search/#performance
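The index requirement raised in the comment above, sketched in plain PostgreSQL as an added example (not code from this PR or from the timed project). The table name `report`, the index name and the `'english'` configuration are assumptions; only the `comment` column comes from the thread.

```sql
-- Constructed schema for illustration; the real table and its columns may differ.
CREATE TABLE report (
    id      bigserial PRIMARY KEY,
    comment text NOT NULL DEFAULT ''
);

-- GIN expression index over the tsvector derived from the comment column.
-- The two-argument to_tsvector is required here: the one-argument form
-- depends on default_text_search_config and cannot be used in an index.
CREATE INDEX report_comment_fts_idx
    ON report
    USING GIN (to_tsvector('english', comment));

-- Index-eligible: the WHERE expression matches the indexed expression
-- exactly, including the text search configuration.
EXPLAIN
SELECT id, comment
FROM report
WHERE to_tsvector('english', comment)
      @@ plainto_tsquery('english', 'deploy staging');

-- Not index-eligible: the configuration is omitted, so the expression
-- differs from the indexed one and every row is re-parsed per query.
EXPLAIN
SELECT id, comment
FROM report
WHERE to_tsvector(comment) @@ plainto_tsquery('deploy staging');

-- For contrast, the regex lookup that was replaced: the tsvector index
-- does not help here, and the cost depends on the user-supplied pattern.
EXPLAIN
SELECT id, comment
FROM report
WHERE comment ~ 'deploy.*staging';
```

On a nearly empty table the planner may still pick a sequential scan for the first query; compare the plans on a realistically sized copy of the data.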
implements: https://github.com/adfinis/timed/issues/29