Last modified: 2012-12-30 21:12:24 UTC
Bots frequently submit huge spam documents as search queries. In order to limit system impact, there should be a config option to set the maximum number of terms used in a search. Terms > than that should be stripped off transparently.
Number of terms (means tokenizing & determining whether operators count as terms or not?), or is just raw length of search query sufficient?
I think raw query length would be a better approach, though we can set it based on the (most OR expensive OR query OR we) AND "want to" OR support. With this approach, perhaps it could be implemented in the core SearchEngine class so as to be agnostic to the search backend or extension used?