
All times are UTC - 5 hours [ DST ]



 Post subject: Is it possible to create a "killer query" in Hiber
PostPosted: Fri Jul 29, 2005 7:02 am 
Newbie

Joined: Tue Sep 28, 2004 7:20 pm
Posts: 9
Thought I'd ask here before I go browsing the code and running experiments.

Is it possible to create a "killer query" in Hibernate? That is, could I do a find that causes so many objects to be instantiated that the system runs out of memory?

And if so, how are people dealing with this? Explicit row limits in all queries?


 
 Post subject: Re: Is it possible to create a "killer query" in H
PostPosted: Fri Jul 29, 2005 7:26 am 
Expert

Joined: Mon Feb 14, 2005 12:32 pm
Posts: 609
Location: Atlanta, GA - USA
jchyip wrote:
Thought I'd ask here before I go browsing the code and running experiments.

Is it possible to create a "killer query" in Hibernate? That is, could I do a find that causes so many objects to be instantiated that the system runs out of memory?

And if so, how are people dealing with this? Explicit row limits in all queries?


I think people generally deal with this problem by applying good design and programming practices to solving real business problems and not by looking for how to break something.

_________________
Preston

Please don't forget to give credit if/when you get helpful information.


 
 Post subject: Real business problems?
PostPosted: Fri Jul 29, 2005 8:08 am 
Newbie

Joined: Tue Sep 28, 2004 7:20 pm
Posts: 9
The "real business problem" would be the ability for a user to take down the entire application by initiating a query that causes the application to run out of memory.

A previous home-grown O/R mapping framework we used limited the number of objects that were allowed to be created in the IdentityMap to prevent this problem. We've now migrated to Hibernate. Is there something similar in place? And if not, how are people addressing this risk?

We've included explicit result limits in the cases that we considered likely to be a problem, but it would be preferable to have a catch-all safety net.


 
 Post subject:
PostPosted: Fri Jul 29, 2005 8:17 am 
Beginner

Joined: Wed May 04, 2005 5:17 am
Posts: 40
I would be concerned about allowing users the ability to execute arbitrary queries.

But yes, the typical guard would be to set min and max results.

Do you have a use case where you want to return *every* row or are you just hypotheticaling ;)


 
 Post subject: Really just a safety net for programming mistakes
PostPosted: Fri Jul 29, 2005 9:25 am 
Newbie

Joined: Tue Sep 28, 2004 7:20 pm
Posts: 9
Users cannot execute arbitrary queries, but I'd consider it possible that some existing or future development misses out on a potential result set blow-out. Having some mechanism to limit the number of objects from query results is, as I said, more a safety net.


 
 Post subject:
PostPosted: Fri Jul 29, 2005 9:38 am 
Hibernate Team

Joined: Mon Aug 25, 2003 9:11 pm
Posts: 4592
Location: Switzerland
So you trade off potentially incorrect query results (which information is skipped?) for not having to see when developers did bad things?


 
 Post subject: Fail operation vs crash application
PostPosted: Fri Jul 29, 2005 9:45 am 
Newbie

Joined: Tue Sep 28, 2004 7:20 pm
Posts: 9
Quote:
So you trade off potentially incorrect query results (which information is skipped?) for not having to see when developers did bad things?


Previous framework would throw an exception that would fail the operation, that is, no query results. Obviously preferable that nothing that reached production would be able to trigger this failure, but a failed operation is better than a crashed application.


 
 Post subject:
PostPosted: Fri Jul 29, 2005 9:47 am 
Hibernate Team

Joined: Mon Aug 25, 2003 9:11 pm
Posts: 4592
Location: Switzerland
In testing, what's the difference?


 
 Post subject: Can't assume testing will catch everything
PostPosted: Fri Jul 29, 2005 9:59 am 
Newbie

Joined: Tue Sep 28, 2004 7:20 pm
Posts: 9
christian wrote:
In testing, what's the difference?


By this, I think you're suggesting that this doesn't really matter in testing. I'd actually think it would be nicer from a development speed point of view that even the test environment didn't die because of a bad query. I'd rather a nice exception message.

But, I'm assuming that I can't rely on testing to catch everything.


 
 Post subject:
PostPosted: Fri Jul 29, 2005 10:03 am 
Hibernate Team

Joined: Mon Aug 25, 2003 9:11 pm
Posts: 4592
Location: Switzerland
Well, I guess it's really easy to limit the entries in a persistence context in Hibernate and throw some exception if that limit is reached. I just don't see the value, as the number of entries has not much influence on the memory consumed.


 
 Post subject:
PostPosted: Fri Jul 29, 2005 10:28 am 
Newbie

Joined: Wed Apr 14, 2004 4:58 am
Posts: 6
To avoid out-of-memory problems, you can use query iterating lazy-fetching and discard used objects from session.

E.g. if you want to output a lot of data (e.g. every object in hibernate), you can run:

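    // iterate() returns the results lazily: each object is loaded on next()
    for (Iterator i = session.createQuery("from Object").iterate(); i.hasNext();)
    {
        Object o = i.next();
        outputObject(o);
        // remove the object from the session cache so it can be garbage-collected
        session.evict(o);
    }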

This instantiates the results object by object, and session.evict() removes the object from the session cache when it's no longer used.

Michael.
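
Added example, not part of the original thread and not Hibernate's own code: a wrapper around the `Iterator` used in the loop above that fails the operation with an exception once a row cap is exceeded, which is the safety net asked about earlier in the thread. `BoundedResults`, `bounded` and `ResultLimitExceededException` are hypothetical names, the sample iterator is constructed, and Java 8 or later is assumed.

```java
import java.util.Iterator;
import java.util.NoSuchElementException;

public class BoundedResults {
    // Hypothetical exception: fails the one operation instead of the whole JVM.
    static class ResultLimitExceededException extends RuntimeException {
        ResultLimitExceededException(int limit) {
            super("result set exceeds " + limit + " rows; operation aborted");
        }
    }

    // Wraps any Iterator, such as the one Query.iterate() returns in the post above.
    static <T> Iterator<T> bounded(Iterator<T> source, int limit) {
        return new Iterator<T>() {
            private int seen = 0;
            public boolean hasNext() {
                // Throw once the source holds more than `limit` rows,
                // without calling next() on the extra row.
                if (seen >= limit && source.hasNext()) {
                    throw new ResultLimitExceededException(limit);
                }
                return source.hasNext();
            }
            public T next() {
                if (!hasNext()) throw new NoSuchElementException();
                seen++;
                return source.next();
            }
        };
    }

    public static void main(String[] args) {
        // Constructed stand-in for an unbounded result set: yields rows lazily.
        Iterator<Integer> rows = new Iterator<Integer>() {
            private int n = 0;
            public boolean hasNext() { return true; }
            public Integer next() { return n++; }
        };
        int processed = 0;
        try {
            for (Iterator<Integer> i = bounded(rows, 1000); i.hasNext(); ) {
                i.next(); // real code would do outputObject(o); session.evict(o);
                processed++;
            }
        } catch (ResultLimitExceededException e) {
            System.out.println(e.getMessage() + " (after " + processed + " rows)");
        }
    }
}
```

Because the wrapper throws rather than truncating, the caller never receives a silently incomplete result set.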


 
 Post subject:
PostPosted: Fri Jul 29, 2005 12:15 pm 
Hibernate Team

Joined: Tue Aug 26, 2003 12:50 pm
Posts: 5130
Location: Melbourne, Australia
jchyip, if you are a non-native English speaker, you need to learn the meaning of "unhelpful". It is not the negation of "solves my immediate problem right now"!

http://dictionary.reference.com/search?q=unhelpful

If you are a native English speaker, then what you just did (rating Christian's comments down) is close to what I would consider a bannable offence.

Don't do that again.


 
 Post subject:
PostPosted: Fri Jul 29, 2005 12:43 pm 
Beginner

Joined: Wed May 04, 2005 5:17 am
Posts: 40
Gavin; what's the quickest way to lose customers? Introduce a rating system and then mention "banning" if they don't rate the way you want ;)

Really. Think about it ;)

I am an English speaker and if something doesn't directly lead me to a solution, then it isn't helpful. Sure, it may not have been unhelpful, but it sure wasn't helpful ;)

Maybe you should change the ratings to "appreciated" and "unappreciated". You guys started this can of worms ;)


 
 Post subject:
PostPosted: Fri Jul 29, 2005 12:46 pm 
Beginner

Joined: Wed May 04, 2005 5:17 am
Posts: 40
And for what it's worth, I agree he shouldn't have marked it as unhelpful, just not sure anyone from Hibernate team should be saying so ;)


 
 Post subject:
PostPosted: Fri Jul 29, 2005 1:07 pm 
Hibernate Team

Joined: Tue Aug 26, 2003 12:50 pm
Posts: 5130
Location: Melbourne, Australia
yatesco wrote:
Gavin; what's the quickest way to lose customers?


Apparently you have a very, very different definition of the word "customer" to the one I work from. :) Our customers have a special support portal where all questions are guaranteed to be answered by the Hibernate team in a timely manner. The forum is specifically for non-customers.

The point of the credit system is to encourage people to act as a "community", meaning that people will try to help, even when they are not absolutely sure of the answer. If they get rated down for doing this (and I've been noticing a few instances of this already), then people will be discouraged from trying to help.

Calling someone who is trying to help you "not helpful" is extremely rude behavior in my view, and if I see people doing this, I will treat them accordingly.

Understand that the main value of the credit system is to encourage and reward question answerers, not question askers :-)

Quote:
Maybe you should change the ratings to "appreciated" and "unappreciated".


I'm trying to get this issue sorted out with Christian. At the very least, we need better documentation of what the ratings are intended to mean. I must admit that right now I'm even fuzzy on what is the actual effect of a "not helpful" rating.


 
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.