[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110)
Today, it is possible to call .related and get a huge unlimited
database-dos-inducing resultset that will be nevertheless limited a
bit further in pure python in the `autolimited` view.
While we cannot completely avoid potential denial of services such as
these we mitigate the problem with the default ui settings: if the
inner vid is `autolimited`, then the relation result sets is computed
using the user-defined limit.
This change respects the semantics of the `autolimited` view and
shouldn't break anything.
from base64 import b64decode, b64encode
try:
uri, newdn = __args__
except ValueError:
print 'USAGE: cubicweb-ctl shell <instance> ldap_change_base_dn.py -- <ldap source uri> <new dn>'
print
print 'you should not have updated your sources file yet'
olddn = repo.config.sources()[uri]['user-base-dn']
assert olddn != newdn
raw_input("Ensure you've stopped the instance, type enter when done.")
for eid, extid in sql("SELECT eid, extid FROM entities WHERE source='%s'" % uri):
olduserdn = b64decode(extid)
newuserdn = olduserdn.replace(olddn, newdn)
if newuserdn != olduserdn:
print olduserdn, '->', newuserdn
sql("UPDATE entities SET extid='%s' WHERE eid=%s" % (b64encode(newuserdn), eid))
commit()
print 'you can now update the sources file to the new dn and restart the instance'