rmuir commented on PR #15937:
URL: https://github.com/apache/lucene/pull/15937#issuecomment-4198284211

   > My intent with the callback was to support callers that already control 
the determinization call site directly, not to immediately thread a new 
parameter through WildcardQuery, RegexpQuery, tokenizers, etc.
   
   Well, I think lucene shouldn't have even a single parameter for this 
resource control, and definitely not two parameters. Such parameters don't make 
sense to me and only come from people who think they can expose exponential 
algorithms safely to hostile user inputs. You can't: so just don't do that: it 
isn't safe and it isn't lucene's job to make it safe. Adding more resource 
controls and making the api even worse, will not change that situation.
   
   I'd like to remove determinization from WildcardQuery/RegexpQuery at some 
point. If the input is a DFA, then you get a DFA execution, otherwise an NFA 
execution. The code is already there for this. We just need to flip the switch.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to