| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | "Josh Berkus" <josh(at)agliodbs(dot)com> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Andrew Dunstan" <andrew(at)dunslane(dot)net>, Hans-Jürgen Schönig <postgres(at)cybertec(dot)at> |
| Subject: | Re: Mini improvement: statement_cost_limit |
| Date: | 2008-08-04 20:02:36 |
| Message-ID: | 87proor1k3.fsf@oxford.xeocode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Josh Berkus" <josh(at)agliodbs(dot)com> writes:
> In such a production application, it is better to have false positives and
> reject otherwise-OK queries becuase their costing is wrong, than to let a
> single cartesian join bog down an application serving 5000 simultaneous users.
> Further, with a SQL error, this would allow the query rejection to be handled
> in a user-friendly way from the UI ("Search too complex. Try changing search
> terms.") rather than timing out, which is very difficult to handle well.
>
> The usefulness of this feature for interactive sessions is
> limited-to-nonexistant. It's for production applications.
Wow. I couldn't disagree more.
For such an application this would be a major foot-gun which would give a
false sense of security simultaneously causing random outages and not
providing even the protection you're counting on.
It would be quite likely to miss some cartesian joins and allow problematic
queries through randomly and block other perfectly legitimate queries. I's no
substitute for writing your search engine query generator to actually check
that it has enough constraints to avoid any disallowed cartesion joins.
That people might think it's reliable enough to use for such applications is
my major concern and if my guess is right, Tom's as well. I suspect you may
have just sunk any chance of getting him on-side.
Where I see it useful is a) during development when it might help catch
erroneous queries as a kind of sql-lint. and b) when running ad-hoc DBA
queries where it might let the DBA catch the error before letting it run for a
while. I'm sure I'm not the only DBA who let a query run for 5 minutes before
wondering if it should really be taking that long.
I would be much more comfortable if it produced a warning, not an error. And
much more if we implemented my previous thought of having some settings which
generate warnings if they're set at startup saying that's not recommended.
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's Slony Replication support!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | daveg | 2008-08-04 20:04:46 | Re: Mini improvement: statement_cost_limit |
| Previous Message | Hannu Krosing | 2008-08-04 19:59:52 | Re: Mini improvement: statement_cost_limit |