Here is the output from phpMyAdmin of the MySQL process list at the time it was called.

Should I be concerned about the number of processes for the chatroom?

 

It uses a persistent connection that runs for 8 seconds but also refreshes every 6 seconds, rather than opening a new socket every 6 seconds...

 

66100  	root  	localhost  	jaydio_chatroom  	Sleep  	7  	   	NULL
66110 	root 	localhost 	jaydio_chatroom 	Sleep 	6 	  	NULL
66116 	root 	localhost 	jaydio_chatroom 	Sleep 	6 	  	NULL
66119 	root 	localhost 	jaydio_chatroom 	Sleep 	6 	  	NULL
66125 	root 	localhost 	jaydio_chatroom 	Sleep 	6 	  	NULL
66129 	root 	localhost 	jaydio_chatroom 	Sleep 	6 	  	NULL
66131 	root 	localhost 	jaydio_chatroom 	Sleep 	5 	  	NULL
66134 	root 	localhost 	jaydio_chatroom 	Sleep 	5 	  	NULL
66137 	root 	localhost 	jaydio_chatroom 	Sleep 	5 	  	NULL
66138 	root 	localhost 	jaydio_chatroom 	Sleep 	5 	  	NULL
66142 	root 	localhost 	jaydio_chatroom 	Sleep 	5 	  	NULL
66144 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66145 	root 	localhost 	jaydio_chatroom 	Sleep 	5 	  	NULL
66146 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66147 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66151 	root 	localhost 	jaydio_chatroom 	Sleep 	5 	  	NULL
66153 	root 	localhost 	jaydio_chatroom 	Sleep 	5 	  	NULL
66156 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66162 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66163 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66166 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66169 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66170 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66172 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66175 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66177 	root 	localhost 	jaydio_chatroom 	Sleep 	4 	  	NULL
66181 	root 	localhost 	jaydio_chatroom 	Sleep 	3 	  	NULL
66189 	root 	localhost 	jaydio_chatroom 	Sleep 	3 	  	NULL
66191 	root 	localhost 	jaydio_chatroom 	Sleep 	3 	  	NULL
66195 	root 	localhost 	jaydio_chatroom 	Sleep 	3 	  	NULL
66197 	root 	localhost 	jaydio_chatroom 	Sleep 	3 	  	NULL
66199 	root 	localhost 	jaydio_chatroom 	Sleep 	3 	  	NULL
66203 	root 	localhost 	jaydio_chatroom 	Sleep 	2 	  	NULL
66208 	root 	localhost 	jaydio_forum 	Query 	0 	Sending data 	SELECT s.* FROM ibf_sessions s WHERE (s.location_2_id IN (4,40,43,72,14,6,15,21,20,10,7,12,52,37)) A
66209 	root 	localhost 	jaydio_chatroom 	Sleep 	2 	  	NULL
66212 	root 	localhost 	jaydio_chatroom 	Sleep 	2 	  	NULL
66220 	root 	localhost 	jaydio_chatroom 	Sleep 	1 	  	NULL
66222 	root 	localhost 	jaydio_chatroom 	Sleep 	1 	  	NULL
66226 	root 	localhost 	jaydio_chatroom 	Sleep 	0 	  	NULL
66231 	root 	localhost 	jaydio_chatroom 	Sleep 	0 	  	NULL
66232 	root 	localhost 	jaydio_chatroom 	Sleep 	0 	  	NULL
66230 	root 	localhost 	jaydio_chatroom 	Sleep 	0 	  	NULL
66235 	root 	localhost 	jaydio_chatroom 	Sleep 	0 	  	NULL
66241 	root 	localhost 	jaydio_chatroom 	Sleep 	0 	  	NULL
66243 	root 	localhost 	NULL 	Sleep 	0 	  	NULL
66244 	root 	localhost 	NULL 	Query 	0 	NULL 	SHOW PROCESSLIST


So in my case, is it better to just have it reopen a SQL socket every 6 seconds rather than have it as persistent?

Sometimes there can be 60 users in the chat at one time.

60 x MySQL connections in a 6 second span.

So basically 10 every second from the chatroom alone, which has 3 queries, so that's 30 queries a second from the chatroom.

That's why I opted for a persistent connection for 8 seconds.

Advice?

 

If you're connecting to the database using the root user, as your process list output suggests, you're risking the possibility of someone gaining complete control over MySQL if any of your scripts have SQL injection or similar vulnerabilities.

 

When you write your own scripts try to give only as much access to the database as is required. So for example, if the script only performs SELECTs then you should connect to the server with the user that only has SELECT rights to the database.

 

When you install third-party scripts and they require a database, you create a user solely for that script which only has access to the database in question.

 

To make the point clearer: I believe you're using Invision Power Board. If you are, or had been, using any of the following versions:

 

Vulnerable Systems:

* Invision Power Board 2.0.x

* Invision Power Board 2.1.0 - 2.1.7

* Invision Power Board 2.2 Beta 1

 

The entire Server could have been compromised. Invision Power Board Multiple Vulnerabilities (Toolbox SQL)
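
The per-script accounts recommended in the reply above, written out for the two databases visible in the process list; this is an added example and not part of the original thread. The account names, placeholder passwords and privilege lists are assumptions and must be matched to the queries each script actually runs.

```sql
-- Added example. Account names, passwords and privilege lists are
-- assumptions; only the database names come from the process list.

-- One account per application, accepted from localhost only.
CREATE USER 'chat_app'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET_1';
CREATE USER 'forum_app'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET_2';

-- Chatroom: assumed to read and post messages, nothing else.
-- An injection flaw in the chat script is then confined to
-- SELECT/INSERT inside jaydio_chatroom.
GRANT SELECT, INSERT ON jaydio_chatroom.* TO 'chat_app'@'localhost';

-- Forum: assumed to need row-level read/write but no schema changes
-- in normal operation. Grant CREATE/ALTER temporarily for upgrades.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON jaydio_forum.* TO 'forum_app'@'localhost';

-- Verify that each account sees only its own database.
SHOW GRANTS FOR 'chat_app'@'localhost';
SHOW GRANTS FOR 'forum_app'@'localhost';

-- Audit: list accounts that hold server-wide privileges. Application
-- accounts should never appear in this result.
SELECT User, Host, Super_priv, File_priv, Grant_priv
FROM mysql.user
WHERE Super_priv = 'Y' OR File_priv = 'Y' OR Grant_priv = 'Y';
```

After switching the scripts to these accounts, the User column of SHOW PROCESSLIST should show chat_app and forum_app instead of root.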
