ErrorException: Allowed memory size: Full export of database #10

Closed
kumy opened this issue Mar 12, 2018 · 8 comments

kumy commented Mar 12, 2018

Calling an "export type 1" for a long duration breaks due to excessive memory consumption.

https://geokrety.org/export.php?modifiedsince=20000510032102&kocham_kaczynskiego=********

https://sentry.kumy.org/geokrety/geokrety-legacy/issues/547/

ErrorException: Allowed memory size of 134217728 bytes exhausted (tried to allocate 123015360 bytes)
  File "db.php", line 191, in handleFatalError
    $result = $this->mysqli->query($sql);
  File "templates/sentry-php-master/lib/Raven/ErrorHandler.php", line 0
    Raven_ErrorHandler->handleFatalError
@kumy kumy self-assigned this Mar 12, 2018
@kumy kumy added the bug Something isn't working label Mar 12, 2018
@romain-dartigues

By looking at

$result = $this->mysqli->query($sql);

I suspect it's PHP trying to be smart, where "buffered queries are the default", which is at fault.

Try with unbuffered queries / mysqli_use_result.


boly38 commented Mar 13, 2018

Anyway, buffer or not, and apart from the error, I don't see any kind of limit on the SQL query. That sounds like bad practice, and a security issue.


kumy commented Mar 13, 2018

@boly38 this script is for exporting the whole database, so why is "not using LIMIT" a security risk?

kumy added a commit to geokrety/geokrety-scripts that referenced this issue Mar 13, 2018

boly38 commented Mar 13, 2018

DoS of someone querying export without constraints.


boly38 commented Mar 13, 2018

Another way to fix it: adding rules to prevent more than one export per IP per time unit.
E.g. 1 export per 8 hours for anonymous, 1 export per hour for partners.


kumy commented Mar 13, 2018

> DoS of someone querying export without constraints.

Without a token, requests are limited to 10 days.

> adding rules to prevent more than one export per IP.

Nice idea. Could this be achieved using a rate limit on the nginx side?


boly38 commented Mar 13, 2018

Yeah... seems possible
https://www.nginx.com/blog/rate-limiting-nginx/
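
A minimal nginx configuration for the per-IP export limit discussed above, as an added example that is not part of the original thread or the project's own configuration; the zone name `export_per_ip`, its size and the rate are assumptions:

```nginx
# Added example: zone name, zone size and rate are hypothetical values.
# limit_req_zone belongs in the http {} context. The key is the client
# address, so each IP gets its own counter.
# limit_req rates are written as r/s or r/m, so a quota such as
# "1 export per 8 hours" cannot be expressed directly with this module.
limit_req_zone $binary_remote_addr zone=export_per_ip:10m rate=1r/m;

server {
    # ... existing server configuration ...

    # Exact-match location so only the export endpoint is throttled.
    location = /export.php {
        # No burst parameter: a second request inside the window is
        # rejected immediately instead of being queued.
        limit_req zone=export_per_ip;

        # Answer rejected requests with 429 instead of the default 503,
        # so clients and monitoring can tell throttling from an outage.
        limit_req_status 429;

        # ... the site's existing PHP handler directives go here ...
    }
}
```

Longer windows, such as one export per 8 hours for anonymous clients, need enforcement in the application or a shared cache. If nginx sits behind another proxy, `$binary_remote_addr` is the proxy's address unless the real client address is restored first.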


kumy commented Mar 13, 2018

New dedicated issue for discussing rate limiting. #12

@kumy kumy closed this as completed in f878d3d Mar 28, 2018