PREVENTING MISUSE OF DATABASE SEARCHES
First Claim
1. A method for preventing misuse of database searches, the method comprising:
- receiving a regular expression in a first thread of an application process;
searching a database to find an input character string that matches the regular expression, wherein a duration of the searching scales greater than linearly with a size of an input character string in order to guarantee a determination of whether an input character string matches the regular expression;
tracking, within the first thread, a computational effort performed during the search;
comparing the computational effort to a threshold value; and
performing an internal exit in the first thread when the computational effort exceeds the threshold value.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, methods, and apparatus for preventing misuse of searches of a database system are provided. This prevention of misuse of database searches can enable reliable operation of the database system, as an improper query using a regular expression will not shut down or severely affect an application process that provides access to the database system. A thread of the application process determines whether an input character characters string matches the regular expression. To prevent misuse, a computational effort of the search is tracked, and compared to a threshold value. When the threshold is exceeded, an operation of the thread is exited or stopped.
21 Citations
20 Claims
-
1. A method for preventing misuse of database searches, the method comprising:
-
receiving a regular expression in a first thread of an application process; searching a database to find an input character string that matches the regular expression, wherein a duration of the searching scales greater than linearly with a size of an input character string in order to guarantee a determination of whether an input character string matches the regular expression; tracking, within the first thread, a computational effort performed during the search; comparing the computational effort to a threshold value; and performing an internal exit in the first thread when the computational effort exceeds the threshold value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A database system comprising:
-
an input interface for receiving a regular expression from a user; logic that runs a first thread of an application process, wherein the first thread is configured to; receive the regular expression; search a database of the database system to find an input character string that matches the regular expression, wherein a duration of the searching scales greater than linearly with a size of an input character string in order to guarantee a determination of whether an input character string matches the regular expression; track a computational effort performed during the search; compare the computational effort to a threshold value; and stopping the determination of whether an input character string matches the regular expression when the computational effort exceeds the threshold value. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer program product comprising a computer readable medium encoded with a plurality of instructions for controlling a computing system to perform an operation for preventing misuse of database searches, the instructions comprising:
-
receiving a regular expression in a first thread of an application process; searching a database to find an input character string that matches the regular expression, wherein a duration of the searching scales greater than linearly with a size of an input character string in order to guarantee a determination of whether an input character string matches the regular expression; tracking, within the first thread, a computational effort performed during the search; comparing the computational effort to a threshold value; and performing an internal exit in the first thread when the computational effort exceeds the threshold value. - View Dependent Claims (19, 20)
-
Specification