Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-18466

Possible to kill server by accessing the mail detail report without an id

          Details

          • Type: Bug
          • Status: Open
          • Priority: Trivial
          • Resolution: Unresolved
          • Affects Version/s: 4.7.6
          • Fix Version/s: None
          • Component/s: None
          • Labels:
            None
          • Versioning Impact:
            Patch (backwards-compatible bug fixes)
          • Documentation Required?:
            None
          • Funding Source:
            Needs Funding

            Description

            I'm not quite sure the answer but we had a customer report a server outage from a query that turned out to be as a result of someone accessing the Mailing Detail Report without any criteria. Without criteria this report queries mailing tables which are regularly over 100MB indiscriminately.

            As a stop gap I have added to their site a statusBounce to enforce providing an id when accessing the report. I'm not sure what a more nuanced approach would look like

              Attachments

                Activity

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    eileen Eileen McNaughton
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated: