cubicweb: misc/migration/3.13.3_Any.py@b84a233cb8b0 (annotated)

[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110) Today, it is possible to call .related and get a huge unlimited database-dos-inducing resultset that will be nevertheless limited a bit further in pure python in the `autolimited` view. While we cannot completely avoid potential denial of services such as these we mitigate the problem with the default ui settings: if the inner vid is `autolimited`, then the relation result sets is computed using the user-defined limit. This change respects the semantics of the `autolimited` view and shouldn't break anything.

7688 f1b6e7c09a6f [schema] restrict source mapping 'cw_schema' relation to non final relation, we currently have no use for attributes Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	1	drop_relation_definition('CWSourceSchemaConfig', 'cw_schema', 'CWAttribute')
f1b6e7c09a6f [schema] restrict source mapping 'cw_schema' relation to non final relation, we currently have no use for attributes Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	2	sync_schema_props_perms('cw_schema')

author	Aurelien Campeas <aurelien.campeas@logilab.fr>
	Tue, 19 Mar 2013 15:30:06 +0100
changeset 8736	b84a233cb8b0
parent 7688	f1b6e7c09a6f
permissions	-rw-r--r--