OCP bail out with lots of SQL output

#94607 (In Topic #18857)
Community saint

Hi,

Has anyone seen OCP bail out and show the SQL it was working on?

One of my forum members (an IT-savvy programmer) has just contacted me to say he was browsing around some old forum posts (we have some 670,000 from a Raven Nuke import) and got a bail out.
But instead of the restricted information he got some detailed SQL statements - in his opinion enough to hack in with if you know what you are doing.

Unfortunately he did not save the output and cannot get OCP to reproduce it.

Will have to keep an eye on it.

I cannot see anything obvious in the logs.

Cheers
Ade
#94608
There's a stack trace privilege which is off by default.

It's unlikely you could hack with them; the database structure of ocPortal obviously is not private anyway, and some attempt to strip passwords is done in stack traces. But he's right to say you don't want this.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
#94621
Community saint

Cheers Chris - I appreciate that a lot.

They are cached now - because they come back very quickly - great stuff.

Cheers
Ade
#94698
Community saint

Killed it but it has not recovered.
I think I will have to restart MySQL.
#94710
An interesting tweak to MySQL's settings I just learnt is to set low_priority_updates=1. This stops the locking problem happening here, which was:
  • Slow running selection query happens
  • Update query to a table involved in the slow running selection query happens, and it can't proceed because the slow running query has made a read lock (i.e. writes are blocked until reading has finished)
  • Selection queries to this table queue up, because MySQL puts precedence on the update query
With low_priority_updates=1, MySQL no longer puts precedence on update queries, so the queue shouldn't build up. Of course, I wish MySQL was smart enough to not queue up queries that could run – it should see the higher precedence query is blocked due to a lock and thus let the non-blocked read queries take temporary precedence.

(That said, the slow queries involved here have been resolved now, so this should not really be needed.)
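
The queue build-up described in the post above, as an added example that is not part of the original thread and is not MySQL's or ocPortal's code: a toy tick-based model of table-level locking, run on a constructed workload with and without low_priority_updates. The function names, the workload and the scheduling rules are simplifying assumptions made for illustration.

```python
# Toy model of table-level locking (illustrative only, not MySQL's code).
# A query is (arrival_tick, kind, duration); kind is "R" (SELECT) or "W" (UPDATE).

def simulate(queries, low_priority_updates=False):
    """Return {query_index: ticks spent waiting for the table lock}."""
    pending = sorted(range(len(queries)), key=lambda i: queries[i][0])
    waiting, running, waits = [], {}, {}      # running maps index -> end tick
    t = 0
    while pending or waiting or running:
        running = {i: end for i, end in running.items() if end > t}
        while pending and queries[pending[0]][0] <= t:
            waiting.append(pending.pop(0))
        for i in list(waiting):
            arrival, kind, duration = queries[i]
            writer_running = any(queries[j][1] == "W" for j in running)
            writer_waiting = any(queries[j][1] == "W" for j in waiting)
            reader_waiting = any(queries[j][1] == "R" for j in waiting)
            if kind == "W":
                # A write needs the table to itself; when low priority it
                # also yields to any read that is still queued.
                ok = not running and not (low_priority_updates and reader_waiting)
            else:
                # Reads share the table, but by default a queued write
                # takes precedence over every queued read.
                ok = not writer_running and (low_priority_updates or not writer_waiting)
            if ok:
                waiting.remove(i)
                running[i] = t + duration
                waits[i] = t - arrival
        t += 1
    return waits

# Constructed workload: one slow SELECT, one UPDATE, then three quick SELECTs.
WORKLOAD = [(0, "R", 10), (1, "W", 1), (2, "R", 1), (3, "R", 1), (4, "R", 1)]

def queued_reads(waits):
    """Count SELECTs that had to wait at all."""
    return sum(1 for i, w in waits.items() if WORKLOAD[i][1] == "R" and w > 0)

if __name__ == "__main__":
    for flag in (False, True):
        waits = simulate(WORKLOAD, low_priority_updates=flag)
        print(f"low_priority_updates={int(flag)}: waits={waits}, "
              f"queued SELECTs={queued_reads(waits)}")
```

In this model the UPDATE waits the same nine ticks either way; what changes is that the quick SELECTs no longer stack up behind it while the slow SELECT holds its read lock.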