Hello,
My name is Mohamed Ashraf. I was a GSoC student last year and I worked on the original version of the error reporting server. I would like to apply to be the student doing this idea. I just wanted to ask a few questions. Do you want to submit only fatal errors or any kind of error or warning to be submittable. Also can I see an example of a PHP error you expect might occur that you want the user to be able to submit. Finally how much information do you want the user of phpMyAdmin who submits the PHP error to know. PHP errors may be sensitive and may give extra information to attackers so I do not think that it is wise to give them to the user but that information may help the developers find the problem faster so I think the developers should have access to some potentially sensitive information.
I think it is better to store them server side and have them submitted if the user wishes directly without a preview. And having them private in the error reporting server for only those with commit access to the phpMyAdmin repo. The server already detects if you have commit access since last year but I never knew what to do with the information. They can then mark the errors as public again if nothing sensitive is in the report.
What do you think?
Hi
Dne Tue, 11 Mar 2014 09:06:15 +0200 Mohamed Ashraf mohamed.ashraf.213@gmail.com napsal(a):
My name is Mohamed Ashraf. I was a GSoC student last year and I worked on the original version of the error reporting server. I would like to apply to be the student doing this idea. I just wanted to ask a few questions. Do you want to submit only fatal errors or any kind of error or warning to be submittable.
phpMyAdmin does already collect PHP errors, so all which are being collected right now.
Also can I see an example of a PHP error you expect might occur that you want the user to be able to submit.
For example undefined variable.
Finally how much information do you want the user of phpMyAdmin who submits the PHP error to know. PHP errors may be sensitive and may give extra information to attackers so I do not think that it is wise to give them to the user but that information may help the developers find the problem faster so I think the developers should have access to some potentially sensitive information.
I don't think we should include anything potentially sensitive in the error report, this would cause us only bad reputation.
On Fri, Mar 14, 2014 at 2:33 PM, Michal Čihař michal@cihar.com wrote:
Hi
Dne Tue, 11 Mar 2014 09:06:15 +0200 Mohamed Ashraf mohamed.ashraf.213@gmail.com napsal(a):
My name is Mohamed Ashraf. I was a GSoC student last year and I worked on the original version of the error reporting server. I would like to apply to be the student doing this idea. I just wanted to ask a few questions.
Do
you want to submit only fatal errors or any kind of error or warning to
be
submittable.
phpMyAdmin does already collect PHP errors, so all which are being collected right now.
Also can I see an example of a PHP error you expect might
occur that you want the user to be able to submit.
For example undefined variable.
Finally how much information do you want the user of phpMyAdmin who submits the PHP error
to
know. PHP errors may be sensitive and may give extra information to attackers so I do not think that it is wise to give them to the user but that information may help the developers find the problem faster so I
think
the developers should have access to some potentially sensitive
information.
I don't think we should include anything potentially sensitive in the error report, this would cause us only bad reputation.
-- Michal Čihař | http://cihar.com | http://blog.cihar.com
Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
ok another question, I saw in the ideas page "Better integration of error reporting server with our issue tracking at sf.net" what do you mean by that. what type of better integration
Hi
Dne Fri, 14 Mar 2014 21:33:42 +0200 Mohamed Ashraf mohamed.ashraf.213@gmail.com napsal(a):
ok another question, I saw in the ideas page "Better integration of error reporting server with our issue tracking at sf.net" what do you mean by that. what type of better integration
This mostly refers to the issues reported in the tracker: https://github.com/phpmyadmin/error-reporting-server/issues?state=open
But further ideas are welcome.
-
Michal Čihař -
Mohamed Ashraf