Hello There, Guest! Register

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Improve mySQL error reporting
06-17-2010, 05:35 AM,
#1
Improve mySQL error reporting
Hello Guys,

I proposed a new way for reporting mysql errors that I think is more accurate for new developers, testers, and everybody:

Before
[Image: 508ef684764158.jpg]

Now
[Image: dcbe3484764156.jpg]

I could send a patch there are not many changes only in the class_db.php. I'm using the $main->error function

Cheers
06-17-2010, 05:45 AM,
#2
RE: Improve mySQL error reporting
Yeah, this seems way more accurate and easier to know what the actuall problem is. Awesome Smile
Regards,
Andraž Rihtar
06-17-2010, 10:01 AM,
#3
RE: Improve mySQL error reporting
maybe the extended error should be sent to a log file, because of two things:

1. the user does not want a syntax dump on their screen and
2. this could be exploited eventually?
06-17-2010, 10:05 AM,
#4
RE: Improve mySQL error reporting
I've always wanted to include a debug mode but to be honest I didn't feel it was worth the time. I hide all of my errors on my servers to save my users the headache and from giving them to much information also. Big Grin
06-17-2010, 10:49 AM,
#5
RE: Improve mySQL error reporting
My comments:

1. the user does not want a syntax dump on their screen
Forgot to say that this will be only showed for developers.
You just create a new config variable called "server_type" or "server_status" or whatever with 2 possible values, "Production" or "Test". Then if the server is a test mode then you could see all the debug messages. Smile

2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

It worth the time, unless you know every position of every sql query in the system. This is very useful for newcomers and if you want that the community report bugs more accurately , develop new features, bla bla etc
06-17-2010, 03:46 PM, (This post was last modified: 06-17-2010, 03:47 PM by Kevin.)
#6
RE: Improve mySQL error reporting
(06-17-2010, 10:49 AM)jmontoya Wrote: 2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

I'm guessing it displays the SQL queries with the variables parsed, so if any senstive data was in there, it could possibly be exploited. But since you can switch between Dev and Production mode it shouldn't be as much of a problem.

The only real exploit though would be an FPD (Full Path Disclosure) exploit. But I definitely like this. If you guys want it badly, we can't stuff it into 1.2.2 but it'll be on the board of 1.2.3 if we can get a patch of sorts. Thanks!
Kevin Mark - TheHostingTool Lead Developer
06-25-2010, 06:24 AM,
#7
RE: Improve mySQL error reporting
I create a issue in the google code for that, I'm also sending the patch there.

http://code.google.com/p/thehostingtool/...tail?id=28

Hope that helps Smile





(06-17-2010, 03:46 PM)Kevin Wrote:
(06-17-2010, 10:49 AM)jmontoya Wrote: 2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

I'm guessing it displays the SQL queries with the variables parsed, so if any senstive data was in there, it could possibly be exploited. But since you can switch between Dev and Production mode it shouldn't be as much of a problem.

The only real exploit though would be an FPD (Full Path Disclosure) exploit. But I definitely like this. If you guys want it badly, we can't stuff it into 1.2.2 but it'll be on the board of 1.2.3 if we can get a patch of sorts. Thanks!


Forum Jump:


Users browsing this thread: 1 Guest(s)