[kwlug-disc] KWLUG error and security issue

Khalid Baheyeldin kb at 2bits.com
Tue Mar 2 20:46:21 EST 2010


On Tue, Mar 2, 2010 at 7:55 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:

> On Tue, Mar 02, 2010 at 10:35:12AM -0500, Khalid Baheyeldin wrote:
> > Paul or someone with ssh access. Do this:
> >
> > # mysql dbname
> > mysql > repair table accesslog;
> >
> > That should fix this problem.
>
> I assume this output is okay?
>
> mysql> repair table accesslog;
>
> +---------------------------+--------+----------+------------------------------$
> | Table                     | Op     | Msg_type | Msg_text                     $ |
> +---------------------------+--------+----------+------------------------------$
> | db.accesslog | repair | warning  | Number of rows changed from 500179 to 500184 |
> | db.accesslog | repair | status   | OK                           $ |
> +---------------------------+--------+----------+------------------------------$
> 2 rows in set (41.84 sec)
>

Yes. Table is repaired.


> Stupid question time: if errors are not verbose, then how will we know
> that they are happening? I log into the site about once a month. If I
> bother to look at
>
> http://kwlug.org/admin/logs/watchdog
>
> then I see the errors, but unless the site admins can somehow get notified
> when these bad things happen it's almost better if users see the errors
> and report them, no? Many eyes make shallow bugs and all that?
>

Good question, and it depends on how the site is managed.

I don't think a message with a SQL error is a security risk per se.
Annoying? Yes. Too much info? Yes. But it does not open any new holes.

In this case, because no one checks daily, then it may be best to put it
back to what it was, and hope someone sees it sooner, like what happened.

Another thing you can do is install the watchdog patch from here
http://drupal.org/node/149341 which makes Drupal 5 behave like Drupal 6
in logging. This means you can enable the syslog module and have all
the watchdog stuff go to flat files, and then use your favorite log parser
(tenshi, logwatch) or one of John V's regexps to filter the noise out and
email you daily the odd stuff.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
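
Added example, not part of the original message: a minimal Python sketch of the "filter the noise out and report the odd stuff" step for watchdog entries sent to syslog. It assumes the pipe-delimited field order of the Drupal 6 syslog module and the `drupal` syslog tag; the ignore rules and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed field order of the Drupal 6 syslog module's pipe-delimited entries.
FIELDS = ("base_url", "timestamp", "type", "ip", "request_uri",
          "referer", "uid", "link", "message")

# Hypothetical noise rules: (watchdog type, message regex) pairs seen every day.
IGNORE = [
    ("cron", re.compile(r"^Cron run completed")),
    ("user", re.compile(r"^Session (opened|closed) for ")),
    ("page not found", re.compile(r"^(favicon\.ico|robots\.txt)$")),
]

P = "Mar  2 10:0%d:00 web drupal: http://example.org|12675420%02d|"
CRASH = ("php|192.0.2.44|http://example.org/node/1||0||Table './db/accesslog' is marked"
         " as crashed and should be repaired query: INSERT INTO accesslog VALUES (%d)")
# Constructed sample lines (documentation addresses), not real site logs.
SAMPLE = [
    P % (1, 10) + "cron|192.0.2.10|http://example.org/cron.php||0||Cron run completed.",
    P % (2, 20) + "user|192.0.2.33|http://example.org/user||7||Session opened for paul.",
    P % (3, 30) + CRASH % 1267542030,
    P % (4, 40) + CRASH % 1267542040,
    P % (5, 50) + "page not found|192.0.2.55|http://example.org/favicon.ico||0||favicon.ico",
    P % (6, 60) + "page not found|192.0.2.55|http://example.org/no-such-page||0||no-such-page",
    "Mar  2 10:07:00 web cron[2211]: (root) CMD (run-parts /etc/cron.hourly)",
]

def parse(line):
    """Return a field dict, None for non-Drupal lines; raise ValueError if malformed."""
    _, tag, payload = line.partition(" drupal: ")
    if not tag:
        return None
    parts = payload.split("|", len(FIELDS) - 1)  # keeps '|' inside the message
    if len(parts) != len(FIELDS):
        raise ValueError("malformed watchdog entry")
    return dict(zip(FIELDS, parts))

def digest(lines):
    """Count non-routine entries per (type, message); digits are normalised to N."""
    counts, malformed = Counter(), []
    for line in lines:
        try:
            entry = parse(line)
        except ValueError:
            malformed.append(line)  # report what cannot be parsed, never drop it
            continue
        if entry and not any(t == entry["type"] and rx.search(entry["message"])
                             for t, rx in IGNORE):
            counts[(entry["type"], re.sub(r"\d+", "N", entry["message"]))] += 1
    return counts, malformed
```

Normalising digits makes repeats of the same SQL error collapse into one digest line with a count, so a crashed table stands out instead of filling the daily mail.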