There needs to be a check in the search function requiring the Search to have a new search ID every go. If I perform a "New Topics" search, my search_id does not expire. So I can click "Go" in my browser and it will load the new results again without the 20 second limit. this performs 8 queries and through the use of an automated PERL script hosted on a webserver could bring codex to its knees via a DoS attack.
If I hosted the script on 5 servers, and executed them all at once, we are tlking over 5000 queries a second. can the mySQL database handle that? I think not.
Now fix it admins.