2005-11-15, 03:37 AM
Hello again,
I don't want to report another security bug this time, although there are still some of them in your software.
The problem I would like to report is a problem with the 'search' function in MyBB. I have discovered that some search queries can run into 'nirvana' until the PHP process kills itself after the max_execution_time limit is reached. During that execution the process uses all available CPU time. Another result that can happen is MySQL process death and MySQL error 2013 ('Lost connection to MySQL server during query'). Nice, isn't it? That 'feature' definitely improves the image of a web site that uses your software...
That happens when I use very common search terms like 'this' or 'it'. For example, a search query containing only the two words 'this it' at your community forum ends in the following error page after about 30 seconds:
Quote:
mySQL error: 2013
Lost connection to MySQL server during query
Query: UPDATE users SET lastactive='XXXXXXXXXX', timeonline=timeonline+7 WHERE uid='XXX'
(values of lastactive and uid are changed).
I would not give you a tip about optimizing MySQL queries (surely great you know that much better than little me). Btw, that can also be used to flood down a server (shall I explain how?).