
SQL DEBUG


Guest Jaggi


Just looking @ the new security debug notice in news and thought the obvious thing would be to make the SQL debug page ONLY work for admin or root admin; wouldn't that just improve security tons? I use it a lot when making mods and testing stuff on live boards when optimizing my db and do always turn it off afterwards, but can't see why anyone else would need to see it, and I know how potentially unsafe it is if left on.


What if you are developing a mod and need to see what queries are running as a guest, or as a member?

The debug is simply there to debug your SQL queries. It should work globally, as it does now. It should NOT, however, be left on if your site is publicly accessible and running in a live environment.

With 2.2, you have to modify your init.php file to set IN_DEV to a 1 before it can be used - this is to help ensure users don't simply set the debug on.


I actually like the idea of being able to see it as a root admin, regardless of what's set in init.php. If you wanted to see it as a member or guest you can always use the 'IN_DEV' method. The only concern I have about this is that when in 'IN_DEV' mode IPB loads the "cachied_1" skin regardless of skin settings, or at least it did with 2.0 and 2.1. Because of this it is not a good idea to work with the debug mode on an actively used forum, but there are times when you need to use it on one. Would be kind of neat if you could break this out into its own define... As mentioned before, someone may even leave this on as well... Maybe have some type of reminder for when the admin logs in to the board or AdminCP?


I think we should leave it as it is now - and leave any other changes to a mod.

I do not see the point in an average user turning the SQL debug mode on with their live site. It is a potential security risk, as explained. Allowing it to run if IN_DEV is enabled ensures that you are fully aware of enabling it, rather than just turning the setting on not knowing the potential consequences.


Let me run you through how it can all go sooo wrong:

admin: my forum's slow and I'm sure why, I think it's my SQL

some_guy_on_a_tech_forum: oOh u can set in_dev to 1 and then turn on debug mode to see if your SQL queries are slow

admin: oOh cool that sounds great I'll do it...

oOps that's the end of the conversation and OMG a newb just ran off to turn it on AND OMG no0ne told him to turn it off so he doesn't know he had to. :P

See my point :).

Let me run you through how it can all go sooo wrong:

oOps that's the end of the conversation and OMG a newb just ran off to turn it on AND OMG no0ne told him to turn it off so he doesn't know he had to. :P

See my point :).

If he isn't asking on IPS Beyond, or in a support ticket, he doesn't deserve to be told to turn it off.

If you need help, pay for support; if you don't, be idiotic and enable debug mode when told to :whistle:

Ok, that can happen. But, at the end of the day, what can we really do about those situations? We can remove the feature entirely, sure. Or we can drastically alter its intended operation so only admins can use it - but that would destroy the function and make it near worthless. I can't even count how many times I needed the debug feature so that I could find out why moderators weren't being pulled for emails, or something of that nature.

I think Matt was going to just go ahead and add a new constant to init.php, aside from IN_DEV, so you can use it whether IN_DEV is on or not - but you'd still need to enable it. Aside from that, we will not be modifying it to only work with admins.

If you are interested in doing that, winnie_pooh posted instructions for it on IPS Beyond somewhere.

There is a point, I'm afraid, where the responsibility does lie with the user/administrator. :)


Well, my solution is to add a permissions box like you have on soooo many other settings in AdminCP so you can set which groups can view it. Personally I don't need it 'cause I keep on top of it and always turn it off, but I'll look on IPS Beyond for the one you mentioned and post a mod for this way if you decide not to implement it. It's obviously a big enough issue to make a security-based news post on it, not to add one box? :huh:


Ok, I'm back, it wasn't hard to do... If it's not integrated then I'll post it on IPS Beyond when IPB 2.2 goes final. Uses the same permission settings throughout IPB so works on subgroups too, default is set to root admin and in_dev still needs to be 1. If a group is not selected it just does what it currently does and redirects you back to board index.


sqllm8.jpg


Archived

This topic is now archived and is closed to further replies.
