• (nodebb)

    Not just French names either. Plenty of names like O'Connor in Ireland (and by extension, in the US where a lot of the Irish migrated).

  • Julian Jones (unregistered)

    The pedant in me really wants to point out that "D'Tables" is not a correct French contraction.

  • (nodebb)

    I remember introducing my brother - an amateur PHP web developer - to prepared statements. He was absolutely overjoyed. He always thought there was something a bit wrong with using string interpolation and finding out that there was a proper way to parameterise your queries was a revelation.

  • (nodebb) in reply to Julian Jones

    Disappointingly, Google translate tells me that the French for "SQL table" does not begin with a vowel.

  • RLB (unregistered)

    As for the last one, just hope nobody ever sets ANSI_QUOTES in sql_options...

  • Prime Mover (unregistered)

    Error log, error log

    Every morning you greet me

    Gigabyte, full of sh*te

    How I long to delete thee

    Running so slow you just bloomin' grow

    Bloomin' grow for ever

    Error log, error log

    Fill my disk up for ever

  • Sauron (unregistered)

    Sane solution: use prepared SQL statements, so the error log won't fill the disk stupidly, and as a bonus it fixes the cybersecurity.

    Enterprisey solution: stop logging the errors, so the error log won't fill the disk stupidly.

    Very enterprisey solution: don't touch the code, and get some intern slave to purge the error log every 24h instead.

    Very very enterprisey solution: don't touch the code, and get some intern slave to purge the error log every 24h. Then realise the error log still grows too fast, so stop logging errors.

    Very very very enterprisey solution: don't touch the code, and get some intern slave to purge the error log every 24h. Then realise the error log still grows too fast, so stop logging errors, but still tell the intern to continue purging the error log every day.

    Ultimate enterprisey solution: Fire all the devs, and get some underqualified and underpaid sub-sub-sub-sub-sub-contractors from a poor country to deliver in 6 months a fix that'll actually make the problems twice worse.

  • (nodebb) in reply to Sauron

    My only quibble is that you seem to have missed the interim stage where the intern slave purges the error log more often than 24h.

    Or an automated task is generated to purge the log at the desired interval. Bonus points if the automation generates more errors.

  • eluvatar (unregistered)

    Easy (bad) solution. Make a hard link from /dev/null to the log file location, no application knowledge required!

  • (nodebb) in reply to Sauron

    I think the enterprisey solution would be to install Splunk and write fancy rules to ignore this error. :-)

  • The Beast in Black (unregistered) in reply to Prime Mover

    This is NOT Brillant! Love it!

  • xtal256 (unregistered) in reply to Llarry

    And of course the automated task would take longer to do than just fixing the bug.

  • Chris (unregistered) in reply to Llarry

    Pretty sure the automated task is written in a way that it doesn't actually find any errors to purge, because it fails to open the log, or opens the wrong file.

  • löchlein deluxe (unregistered)

    Kinda surprised there's not a "replace ' with ´" in there. Our homegrown customer data bse mangling tool literally had to be extended every time somebody with a new accented letter came along. Fortunately, that is a quick job because there's no version control (unless you count index.pl_1996_04_13_new.bak_verynew_broken_try2), no merge request and no code review.

  • (nodebb) in reply to Sauron

    And then the intern writes a cron job that deletes the error logs every 24 hours. that someone fixes to be more enterprisy and replaces

    rm -rf /db_log_files/*

    with

    log_file_dir = /db_log_files; rm -rf $log_files_dir/*

    Addendum 2022-11-17 01:39:

    (read the replacement line carefully!)

  • Yazeran (unregistered) in reply to thosrtanner

    my bash-Fu is insufficient to immediately see what the result will be, but anything involving 'rm' and '*' will immediately trigger a warning in my head.... :-)

    Yazeran

  • (nodebb)

    Injection is still in the top 3 of the OWASP security vulnerabilities detected in the wild.

    Recommendations like "input validation" are crude and silly: Robbert D'Tables -- pronounced with a silent T -- has a right to his full name! Recommendations like "escape first" are perfectly valid, yet those still haven't taken hold after decades of efforts.

    Isn't it long overdue to just get rid of [initially: make it hard to use] text-based, external API's that rely on an interpreter to determine the meaning of their input?

    If that doesn't happen voluntarily, perhaps somebody needs to push. That wouldn't be without precedent. For example, Europe actually has a law that demands 2-factor authentication in certain circumstances. It aims to prevent problems that for a long time (up to just last year) used to be in the top 2 of OWASP.

  • Sole Purpose Of Visit (unregistered) in reply to Sauron

    Well, maybe. (And a hugely entertaining enterprisey summary.)

    But actually the correct solution is to use a circular list as the basis for the error log. Allocate whatever memory hit you want to the log, and work with that. Error logs are not meant to be fundamental to the application or service, and they should not interfere with day-to-day operations.

    How you do this is entirely platform dependent. But basically you set a limit to the number of entries and, once this limit is reached, you either overwrite the first entry or you delete it.

  • سمارت بتس (unregistered)
    Comment held for moderation.
  • David Mårtensson (unregistered) in reply to Yazeran

    missing an s :P

  • سمارت بتس (unregistered)
    Comment held for moderation.
  • numzero (unregistered) in reply to David Mårtensson
    Comment held for moderation.

Leave a comment on “D'Tables”

Log In or post as a guest

Replying to comment #:

« Return to Article