Hello again,
Sorry for the double post and not using your bug tracker, I'm not on
GitHub and don't know the markup, I really hope no one minds.
When profiling does work (see previous email) quite often the pie-chart
can be dominated by one very large chunk (usually "sending data"), it'd
be great if you could "uncheck" rows from the summary table (or even the
raw table) and then remove them from the summary contributions or the
pie chart.
Alec
Hello there,
I've had a few problems with PMA (I'm trying to migrate from the
7-year-deprecated mysql gui tools I still run via Wine, am I alone in
this?) and I've found a bug, and a minor bug.
First, if you profile a select that uses a user-defined function, no
profiling result is shown, there's no error or warning either, nothing.
Just the result set.
That's the bug.
Second, when designing the user defined function that has the power to
disable profiles I'd get quite a long error report if the syntax was
wrong, something like:
"Error in statement (ENTIRE BODY OF QUERY) at or around (bit that
actually went wrong)"
I had to use a mix of zoom and responsive design view to actually get to
read the bit I wanted.
If you could make the error box wider, or show the useful bit of
information, that'd be great.
While I am here, I'd really love an "explain extended" option next to
explain, and also there's a new JSON format, it'd be really good if you
guys allowed fields to be of a JSON type (so you can collapse and expand
lists, items of lists) - you wouldn't need to interpret the actual
explain format to make this useful as it's pretty self descriptive.
Alec
I can help if you guys can are willing to answer questions about where
to find things.
Hi,
Sorry for delay.
I forgot the versions:
Database server
Server: fone2 (127.0.0.1 via TCP/IP)
Server type: MySQL
Server version: 5.7.12-0ubuntu1 - (Ubuntu)
Protocol version: 10
User: szabolcs@localhost
Server charset: UTF-8 Unicode (utf8)
Web server
Apache/2.4.18 (Ubuntu)
Database client version: libmysql - mysqlnd 5.0.12-dev - 20150407 - $Id:
f59eb767fe17a6679589b5c076d9fa88d3d4eac0 $
PHP extension: mysqli curl mbstring
PHP version: 7.0.4-7ubuntu2.1
openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.2g-fips 1 Mar 2016
OpenSSL Header Version OpenSSL 1.0.2g-fips 1 Mar 2016
Openssl default config /usr/lib/ssl/openssl.cnf
If you have to authenticate with certification you use mysqli_ssl_set(). In
this case you need private key and certification. But if you want only a
secure communication (like https) you don't need these. Only need
mysqli_client_ssl flag to use ssl.
>From mysql log:
2016-06-03T06:02:02.098148Z11604 Connect szabolcs(a)xxx.xxx.xxx.xxx on
using SSL/TLS
Regards,
Szabolcs
Date: Thu, 2 Jun 2016 09:16:40 -0400
> From: Isaac Bennetch <bennetch(a)gmail.com>
> To: Developer discussion for phpMyAdmin <developers(a)phpmyadmin.net>
> Subject: Re: [phpMyAdmin Developers] Connect with SSL
> Message-ID: <dc965fae-89cf-26a0-d22a-c3b7fab3f561(a)gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Hi, thanks for your report and detailed research. Please see below...
>
> On 6/2/16 8:24 AM, Kordován Szabolcs wrote:
> > Hi,
> >
> > I had a problem with secure connection to sql server.
> > I use mysqli extension, I configured server['ssl'] = true. I have a user
> > 'szabolcs' in sql who needs ssl.
> > First I received 'mysqli_real_connect(): (HY000/1045): Access denied for
> > user 'szabolcs'@'localhost' (using password: YES)'.
> > That was why PMA doesn't use MYSQLI_CLIENT_SSL. I should add it to
> > $client_flags.
>
> As far as I'm aware, PHP doesn't need MYSQLI_CLIENT_SSL when calling
> mysql_ssl_set() before mysqli_real_connect(). The current documentation
> doesn't reference this scenario at all, but previous versions did state
> that MYSQLI_CLIENT_SSL was not required here (see, for example, [1]).
>
> > After this I got the following error:'mysqli_query(): SSL operation
> > failed with code 1. OpenSSL Error messages: error:0607A082:digital
> > envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length
> > error:0607A082:digital envelope
> > routines:EVP_CIPHER_CTX_set_key_length:invalid key length'.
> >
> > PMA uses openssel functions to encrypt values in cookie if openssl
> > functions exist, other case PMA uses Crypt\AES. With Crypt\AES PMA works
> > fine.
> > I don't know the exact source of this problem. I think openssl functions
> > have a bug.
>
> There was some incompatibility between MySQL and OpenSSL (see [2]),
> however the error reported was a bit different.
>
> > Because the mysqli connection with ssl is successful After connection
> > in common.inc.php $auth_plugin->storeUserCredentials() is called. This
> > function stores the username and password and other parameters into
> > cookie. To encrypt:
> > openssl_encrypt(
> > $data,
> > 'AES-128-CBC',
> > $secret,
> > 0,
> > $this->_cookie_iv
> > );
> > I think the problem is that openssl_encrypt change the cipher to
> > AES-128-CBC globally. It means the cipher of mysqli connection is also
> > modified. This is why mysqli_query failed after encryption.
>
> Interesting.
>
> > Here is my solution:
> >
> > diff -ruN original/libraries/dbi/DBIMysqli.php
> > working/libraries/dbi/DBIMysqli.php
> > --- original/libraries/dbi/DBIMysqli.php 2016-05-25
> > 19:07:44.000000000 +0200
> > +++ working/libraries/dbi/DBIMysqli.php 2016-05-26 15:55:49.000000000
> +0200
> > @@ -152,6 +152,7 @@
> >
> > /* Optionally enable SSL */
> > if ($cfg['Server']['ssl']) {
> > + $client_flags |= MYSQLI_CLIENT_SSL;
> > mysqli_ssl_set(
> > $link,
> > $cfg['Server']['ssl_key'],
> > diff -ruN original/libraries/plugins/auth/AuthenticationCookie.php
> > working/libraries/plugins/auth/AuthenticationCookie.php
> > --- original/libraries/plugins/auth/AuthenticationCookie.php
> > 2016-05-25 19:07:44.000000000 +0200
> > +++ working/libraries/plugins/auth/AuthenticationCookie.php
> > 2016-05-26 15:56:27.000000000 +0200
> > @@ -661,6 +661,7 @@
> > */
> > public static function useOpenSSL()
> > {
> > + return false;
>
> This also makes me think about some sort of OpenSSL problem.
>
> > return (
> > function_exists('openssl_encrypt')
> > && function_exists('openssl_decrypt')
> > diff -ruN original/RELEASE-DATE-4.6.1 working/RELEASE-DATE-4.6.1
> > --- original/RELEASE-DATE-4.6.1 1970-01-01 01:00:00.000000000 +0100
> > +++ working/RELEASE-DATE-4.6.1 2016-05-02 17:24:00.000000000 +0200
> > @@ -0,0 +1 @@
> > +Mon May 2 21:23:35 UTC 2016
> >
> > Regards,
> > Szabolcs
> >
> >
> > _______________________________________________
> > Developers mailing list
> > Developers(a)phpmyadmin.net
> > https://lists.phpmyadmin.net/mailman/listinfo/developers
>
> >From phpinfo() could you please provide your OpenSSL version? Mine is
> 1.0.1k.
>
> >From the main page of phpMyAdmin, could you please provide "Database
> client version", "PHP extension", and "PHP version" information? (Mine
> is libmysql - 5.5.49 / mysqli curl mbstring / 5.6.20-0+deb8u1 )
>
> Regards,
> Isaac
>
>
> 1 -
>
> http://board.phpbuilder.com/showthread.php?10383611-Connecting-PHP-and-MYSQ…
> 2 - https://bugs.mysql.com/bug.php?id=64870
>
>
>
Overview
The phpMyAdmin Project is looking for a full-time or part-time developer
to assist in development, including bug fixing and refactoring.
Work plan
The ideal candidate will dynamically balance their workload based on
outstanding issues and priority, but is anticipated to break down to
these percentages (in priority order of what's most important to least
important):
Security maintenance (5%)
Bug fixing and issue assessment (45%)
Code base improvement like refactoring and writing unit tests (45%)
Implementation of new features (5%)
Work conditions
The Developer shall publish a weekly blog post about his/her work to
the phpMyAdmin community.
The Developer shall send a monthly invoice to the Software Freedom
Conservancy for the work done during that month.
All work produced by the Developer is to be licensed under "GPLv2 or
later".
This is an independent contractor position: the Developer will be
responsible for his/her own equipment and expenses.
The Candidate
The candidate will be able to demonstrate a very good knowledge of
phpMyAdmin's code base. In addition, we expect excellent skills in all
of the technologies used by phpMyAdmin (PHP, HTML, JavaScript, jQuery,
CSS, MySQL) and excellent communication skills.
Applying
Candidates should submit their proposal (including their CV,
availability, and financial terms) to: pmadeveloper(a)sfconservancy.org.
The deadline for this initial round of proposals is 2016-06-30.
Hi, over at Stack Overflow a user has a strange table size reported
(2.1,000,000,000,000,000,888 KiB; after running REPAIR one other table's
similar problem was fixed). This seems odd, our rounding of this number
should not produce such a strange number. Has anyone seen anything
similar to this? One table affected for one user doesn't make a very
good bug report, but if there's a shortcoming we of course want to try
to fix it. Any thoughts?
Hello, just a reminder that we have the scheduled monthly phpMyAdmin
developer meeting on Wednesday. The agenda is quite light, so feel free
to add some more discussion points[1]
See you then,
Isaac
1 - https://github.com/phpmyadmin/phpmyadmin/wiki/2016-06_Meeting
Since the 4.4 branch is scheduled to end security-support status in
October, around the first of July (three months prior to the end of
support), I plan to send out an announcement like the one below.
We at the phpMyAdmin project wish to remind you that the 4.4 branch will
enter end-of-life and receive no further updates or support after
October 1, 2016. We recommend upgrading promptly to avoid any
interruption to security support.