Improve mySQL error reporting
#1
Hello Guys,

I proposed a new way for reporting mysql errors that I think is more accurate for new developers, testers, and everybody:

Before
[Image: 508ef684764158.jpg]

Now
[Image: dcbe3484764156.jpg]

I could send a patch; there are not many changes, only in class_db.php. I'm using the $main->error function.

Cheers
#2
Yeah, this seems way more accurate and makes it easier to know what the actual problem is. Awesome!
Regards,
Andraž Rihtar
#3
maybe the extended error should be sent to a log file, because of two things:

1. the user does not want a syntax dump on their screen and
2. this could be exploited eventually?
#4
I've always wanted to include a debug mode, but to be honest I didn't feel it was worth the time. I hide all of my errors on my servers to save my users the headache and to avoid giving them too much information as well.
- KuJoe
#5
My comments:

1. the user does not want a syntax dump on their screen
Forgot to say that this will only be shown to developers.
You just create a new config variable called "server_type" or "server_status" or whatever, with 2 possible values, "Production" or "Test". Then if the server is in test mode you could see all the debug messages.

2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

It is worth the time, unless you know every position of every SQL query in the system. This is very useful for newcomers and if you want the community to report bugs more accurately, develop new features, bla bla, etc.
#6
(06-17-2010, 10:49 AM)jmontoya Wrote: 2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

I'm guessing it displays the SQL queries with the variables parsed, so if any sensitive data was in there, it could possibly be exploited. But since you can switch between Dev and Production mode it shouldn't be as much of a problem.

The only real exploit though would be an FPD (Full Path Disclosure) exploit. But I definitely like this. If you guys want it badly, we can't stuff it into 1.2.2 but it'll be on the board of 1.2.3 if we can get a patch of sorts. Thanks!
Kevin Mark - TheHostingTool Lead Developer
#7
I created an issue on Google Code for that; I'm also sending the patch there.

http://code.google.com/p/thehostingtool/...tail?id=28

Hope that helps!





(06-17-2010, 03:46 PM)Kevin Wrote:
(06-17-2010, 10:49 AM)jmontoya Wrote: 2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

I'm guessing it displays the SQL queries with the variables parsed, so if any sensitive data was in there, it could possibly be exploited. But since you can switch between Dev and Production mode it shouldn't be as much of a problem.

The only real exploit though would be an FPD (Full Path Disclosure) exploit. But I definitely like this. If you guys want it badly, we can't stuff it into 1.2.2 but it'll be on the board of 1.2.3 if we can get a patch of sorts. Thanks!
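
The approach discussed in the thread (a "server_type" switch, details sent to a log file in Production, no paths or parsed queries on screen), as an added example that is not part of the thread or of TheHostingTool's code. The function name `report_db_error`, the log location and the sample query are assumptions made for illustration.

```php
<?php
// Added example. report_db_error(), the log path and the sample query are
// hypothetical; "server_type" = "Production" / "Test" is the setting from post #5.
function report_db_error(array $config, string $query, string $dbError, string $logFile): string
{
    // Fail closed: anything other than an explicit "Test" is treated as Production.
    $mode = $config['server_type'] ?? 'Production';

    if ($mode === 'Test') {
        // Developers see the query and driver error. Escape them, because the
        // query contains parsed variables that may hold user-supplied markup.
        $detail = "Query: $query\nError: $dbError";
        return '<pre>' . htmlspecialchars($detail, ENT_QUOTES, 'UTF-8') . '</pre>';
    }

    // Production: details (including the file path, which would otherwise be
    // a full path disclosure) go to the log; the visitor gets only a reference.
    $ref = bin2hex(random_bytes(4));
    $caller = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1)[0];
    $entry = sprintf(
        "[%s] ref=%s at=%s:%d error=%s query=%s\n",
        date('c'),
        $ref,
        $caller['file'],
        $caller['line'],
        json_encode($dbError), // JSON-encoding keeps each entry on one line
        json_encode($query)
    );
    // Keep the log outside the web root; LOCK_EX stops entries interleaving.
    file_put_contents($logFile, $entry, FILE_APPEND | LOCK_EX);

    return 'A database error occurred. Reference: ' . $ref;
}

// Constructed sample input, not taken from the project.
$query = "SELECT id FROM users WHERE emial = 'alice@example.com'";
$error = "Unknown column 'emial' in 'where clause'";
$log   = sys_get_temp_dir() . '/db_errors.log';

echo report_db_error(['server_type' => 'Test'], $query, $error, $log), "\n";
echo report_db_error(['server_type' => 'Production'], $query, $error, $log), "\n";
```

The reference printed in Production mode lets a user report the failure while the matching log entry gives the developer the query and call site.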

