[Freeswitch-users] High load on database server
Anthony Minessale
anthony.minessale at gmail.com
Thu Oct 27 23:39:37 MSD 2011
ya so furthermore,
The core and sofia has to be generic so it uses ANSI sql transactions with
BEGIN; <2000 sql stmts> COMMIT;
This falls under the category of multi-line stmts and breaks w/o that
enabled thus making the DB suck much more.
On Thu, Oct 27, 2011 at 2:35 PM, Ken Rice <krice at freeswitch.org> wrote:
> Hey Anthony,
>
> I think he’s being a little confused here...
>
> What tony is refering to, is stacked statements “select * from foo;
> update bar set foo=bar; some other statement;”
>
> Allowing stacked statements in 1 call over ODBC is bad mojo that’s exactly
> host most sql injections work in the first place
>
> “select * from users where username = ‘$USERNAME’” ... Replace $USERNAME
> with the next line
>
> ‘; UPDATE users set password=NEWPASSWORD where username = ‘admin’; --
>
> Boom sql injection... Now there are other ways to protect against this like
> properly escaping input from 3rd parties going into your sql statements but
> it still happens all the time...
>
> This is one of the main reasons I use prepared statements on Postgresql
> cause it stops this sort of behavior cold in its tracks... You should still
> properly escape inputs but the extra layer is worth it
>
>
>
>
>
> On 10/27/11 2:08 PM, "Anthony Minessale" <anthony.minessale at gmail.com>
> wrote:
>
> Blah,
>
> I said I don't like mysql, but ok I'll look it up for you.......
>
> http://www.mail-archive.com/profox@leafe.com/msg33150.html
>
> AND
>
>
> http://dev.mysql.com/doc/refman/5.0/en/connector-odbc-configuration-connection-parameters.html
> search for 'FLAG_MULTI_STATEMENTS'
>
> >From our own FS resources:
>
> http://wiki.freeswitch.org/wiki/Using_ODBC_in_the_core#CentOS_5.2
>
> http://www.mail-archive.com/freeswitch-users@lists.freeswitch.org/msg19883.html
>
> or
>
> http://tinyurl.com/4xo26sv
>
>
>
>
>
>
> On Thu, Oct 27, 2011 at 1:29 PM, Hynek Cihlar <hynek.cihlar at gmail.com>
> wrote:
>
> Transactions are by default supported by mysql, the transactions are driven
> by sql statements themselves.
>
> Your statement is either incorrect or I interpret it wrong.
>
>
> Sent from my mobile device
>
> On Oct 27, 2011, at 20:09, Anthony Minessale <anthony.minessale at gmail.com>
> wrote:
>
> mysql does not work with transactions by default in defense of injection
> attacks... read the thread its in the top.
>
>
> On Thu, Oct 27, 2011 at 1:07 PM, Madovsky < <mailto:infos at madovsky.org<infos at madovsky.org>>
> infos at madovsky.org> wrote:
>
> Thanks Ken. here the link of official SIPP website
> <http://sipp.sourceforge.net/> http://sipp.sourceforge.net/
>
>
> I didn't know it was a HP app ! :0)
>
>
> ----- Original Message -----
>
> *From:* Ken Rice <mailto:krice at freeswitch.org <krice at freeswitch.org>>
>
> *To:* FreeSWITCH Users Help <mailto:freeswitch-users at lists.freeswitch.org<freeswitch-users at lists.freeswitch.org>>
>
>
> *Sent:* Thursday, October 27, 2011 1:54 PM
>
> *Subject:* Re: [Freeswitch-users] High load on database server
>
>
> SIPP works fine for this... However keep in mind some of their default
> scenario files arent exactly the best in the world and can in many
> situations leave a bit to be desired... Check the wiki I think there is
> more info on this on there
>
> K
>
>
> On 10/27/11 12:51 PM, "Madovsky" < <mailto:infos at madovsky.org<infos at madovsky.org>>
> infos at madovsky.org> wrote:
>
>
>
> on this subject,
> is SIPp can be used to test to reproduce hundreds calls ?
>
>
>
> ----- Original Message -----
>
> *From:* Anthony Minessale < <mailto:anthony.minessale at gmail.com<anthony.minessale at gmail.com>>
> mailto:anthony.minessale at gmail.com <anthony.minessale at gmail.com>>
>
> *To:* FreeSWITCH Users Help < <
> mailto:freeswitch-users at lists.freeswitch.org<freeswitch-users at lists.freeswitch.org>>
> mailto:freeswitch-users at lists.freeswitch.org<freeswitch-users at lists.freeswitch.org>>
>
>
> *Sent:* Thursday, October 27, 2011 1:39 PM
>
> *Subject:* Re: [Freeswitch-users] High load on database server
>
>
> BTW I know it's a contradiction to tell you to consider older ODBC and
> newer FS but I wrote FS so I can attest to its stability especially the
> ODBC code in the core.
>
>
>
>
>
>
>
> On Thu, Oct 27, 2011 at 12:36 PM, Anthony Minessale < <
> http://anthony.minessale@gmail.com> anthony.minessale at gmail.com> wrote:
>
>
>
>
> Let's recap
>
>
>
> You have 4 moving parts, you have various versions of all 4 to choose
> from and even different implementations of 3 of the 4.
>
>
> ODBC LIB
> ODBC DRIVER
>
> DATABASE
>
> FS
>
>
>
> You must choose a stable combination of all 4 which may require specific
> configuration of each component as well.
>
>
>
> My only issue is FUD, I do not want people to advertise that FS does not
> work on ODBC under load when the whole story is FS does not work under
> load when you use fooODBC with barDRIVER with basBASE database server
> configured a particular way.
>
>
>
> It should never crash, if it does, its a bug in something. I can speak
> for FS that there is no bug there. The other 3 are variables.
>
> Remember this next time there is a discussion about using system libs and
> why we build our own depends. The one thing we use system libs for, ODBC,
> is a huge PITA.........
>
>
>
> Things to remember:
>
>
>
> 1) try the Threading=0 in the odbcinst.ini, this is a serious problem and
> has been made the default in latest versions.
>
> 2) If you must use Mysql, enable transactions and make sure your odbc.ini
> is referencing the threadsafe version of the lib
>
> libmyodbc3_r.so <-- note _r
>
> 3) Try various combos of drivers and odbc libs, many time newer is not
> better, stable versions lie in the past.
>
> 4) build the drivers and odbc yourself or get the debug symbols so you
> can get a backtrace, you could be finding a bug for them.......
>
> 5) Find a test to reproduce your problem so you can try different
> database engines and driver combos.
>
> 6) Make sure you are on latest FS git so you know you have a stable
> copy.
>
>
>
>
>
> Anyway, this is a pain, that's why ppl pay you to do it.
>
> Discuss this all you want here, just minimize any FUD to scare away
> people who want to use it.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Thu, Oct 27, 2011 at 12:24 PM, Hynek Cihlar < <
> http://hynek.cihlar@gmail.com> hynek.cihlar at gmail.com> wrote:
>
>
>
> Do not agree. Issues happening under extreme cases like high load with
> some specific conditions are hard to reproduce, sharing the
> information in this case is a lot more efficient, for all.
>
>
> Sent from my mobile device
>
>
>
>
> On Oct 27, 2011, at 18:56, Robert Huddleston < <
> http://rhuddleston@gmail.com> rhuddleston at gmail.com> wrote:
>
>
> > My bologna has a first name - it's O S C A R...
> >
> > This topic is getting really old... I have to agree with Antm - get out
> of
> > the lazy pants and do some research / hard work.
> >
> >
> > -----Original Message-----
> > From: <http://freeswitch-users-bounces@lists.freeswitch.org>
> freeswitch-users-bounces at lists.freeswitch.org
> > [ <mailto:freeswitch-users-bounces at lists.freeswitch.org<freeswitch-users-bounces at lists.freeswitch.org>>
> mailto:freeswitch-users-bounces at lists.freeswitch.org<freeswitch-users-bounces at lists.freeswitch.org>]
> On Behalf Of Sergey
>
> > Okhapkin
> > Sent: Thursday, October 27, 2011 12:43 PM
> > To: FreeSWITCH Users Help
> > Subject: Re: [Freeswitch-users] High load on database server
> >
> > What do you mean "shared ODBC"?
> >
> > On Thursday 27 October 2011, Madovsky wrote:
> >> but, is anyone experienced that with shared ODBC ? (managing more than
> 330
> >> concurrent calls)
> >>
> >> ----- Original Message -----
> >> From: "Madovsky" < <http://infos@madovsky.org> infos at madovsky.org>
> >> To: "FreeSWITCH Users Help" < <
> http://freeswitch-users@lists.freeswitch.org>
> freeswitch-users at lists.freeswitch.org>
> >> Sent: Thursday, October 27, 2011 12:33 PM
> >> Subject: Re: [Freeswitch-users] High load on database server
> >>
> >>> ha ok, good luck so
> >>>
> >>> ----- Original Message -----
> >>> From: "Cliff Wells" < <http://cliff@develix.com> cliff at develix.com>
> >>> To: "FreeSWITCH Users Help" < <
> http://freeswitch-users@lists.freeswitch.org>
> freeswitch-users at lists.freeswitch.org>
> >>> Sent: Thursday, October 27, 2011 12:26 PM
> >>> Subject: Re: [Freeswitch-users] High load on database server
> >>>
> >>>> On Thu, 2011-10-27 at 11:55 -0400, Madovsky wrote:
> >>>>> I means that depend the quality of your script ;)
> >>>>
> >>>> Quality isn't the issue here. The script is too simple to be
> incorrect
> >>>> (and it carefully releases the odbc connection back to the pool in a
> >>>> hangup handler). I have written poor-quality code plenty of times,
> but
> >>>> 25 years as a programmer usually allows me the luxury of knowing
> when
> >>>> I'm doing it, thanks.
> >>>>
> >>>> In any case, Lua scripts work fine. Google will tell you that
> unixODBC
> >>>> before 2.3.0 was a bit of a mess, so I expect the issue lies there,
> but
> >>>> again, I emphasize, everything WORKS GREAT (been using it for a
> couple
> >>>> of years now) until you get to very high concurrency (about 330
> >>>> concurrent calls on a single system). If you don't expect to
> handle
> >>>> more than 300 concurrent calls, then you do not need to worry about
> it.
> >>>> At all.
> >>>>
> >>>> Regards,
> >>>> Cliff
> >>>>
> >>>>
> >>>>
> >>>> FreeSWITCH-users mailing list
> >>>> <http://FreeSWITCH-users@lists.freeswitch.org>
> FreeSWITCH-users at lists.freeswitch.org
> >>>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>>
> > UNSUBSCRIBE: <
> http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>> <http://www.freeswitch.org> http://www.freeswitch.org
> >>
> >> FreeSWITCH-users mailing list
> >> <http://FreeSWITCH-users@lists.freeswitch.org>
> FreeSWITCH-users at lists.freeswitch.org
> >> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE: <
> http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> <http://www.freeswitch.org> http://www.freeswitch.org
> >
> >
> >
> > FreeSWITCH-users mailing list
> > <http://FreeSWITCH-users@lists.freeswitch.org>
> FreeSWITCH-users at lists.freeswitch.org
> > <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE: <
> http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> > <http://www.freeswitch.org> http://www.freeswitch.org
> >
> >
> >
> > FreeSWITCH-users mailing list
> > <http://FreeSWITCH-users@lists.freeswitch.org>
> FreeSWITCH-users at lists.freeswitch.org
> > <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE: <
> http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> > <http://www.freeswitch.org> http://www.freeswitch.org
>
>
> FreeSWITCH-users mailing list
> <http://FreeSWITCH-users@lists.freeswitch.org>
> FreeSWITCH-users at lists.freeswitch.org
> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE: <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> <http://www.freeswitch.org> http://www.freeswitch.org
>
>
>
>
>
>
>
>
> ------------------------------
>
>
>
>
> FreeSWITCH-users mailing list
> <mailto:FreeSWITCH-users at lists.freeswitch.org<FreeSWITCH-users at lists.freeswitch.org>>
> FreeSWITCH-users at lists.freeswitch.org
> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE: <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> <http://www.freeswitch.org> http://www.freeswitch.org
>
>
>
> FreeSWITCH-users mailing list
> <mailto:FreeSWITCH-users at lists.freeswitch.org<FreeSWITCH-users at lists.freeswitch.org>>
> FreeSWITCH-users at lists.freeswitch.org
> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE: <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> <http://www.freeswitch.org> http://www.freeswitch.org
>
>
>
>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
--
Anthony Minessale II
FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire
AIM: anthm
MSN:anthony_minessale at hotmail.com
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
IRC: irc.freenode.net #freeswitch
FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org
googletalk:conf+888 at conference.freeswitch.org
pstn:+19193869900
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20111027/5076d4ab/attachment-0001.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list