exposing your internals - visual.ly

I feel sorry for Visual.ly - who have announced what seems like an awesome visualisation service and have consequently been swamped by interest. Their website has been up, down and in-between most of the day... I'd love to try the service but haven't been able to.

The thing that struck me - and it's still pretty much common practice - is the errors spewing out from their pages, for example:

  • Notice: Undefined property: stdClass::$picture in include() (line 10 of /var/www/html/sites/all/themes/infographics/page.tpl.php).
  • Notice: Undefined index: size in get_all_infographics() (line 364 of /var/www/html/sites/all/modules/ig_frontend/ig_frontend.helper.php).
  • Notice: Undefined index: size in get_all_infographics() (line 375 of /var/www/html/sites/all/modules/ig_frontend/ig_frontend.helper.php).
  • PDOException: SQLSTATE[08S01]: Communication link failure: 1053 Server shutdown in progress: SELECT MAX ( intermediate.Total ) as cat_max, MIN ( intermediate.Total) as cat_min FROM ( SELECT SUM (IFNULL(nr.likes, 0)) as Total FROM {node} n LEFT JOIN node_rates nr ON nr.nid = n.nid LEFT JOIN field_data_field_category ON entity_id = n.nid WHERE field_category_tid = '46' and n.status=1 GROUP BY n.nid ) as intermediate; Array ( ) in get_infographic_statistics() (line 241 of /var/www/html/sites/all/modules/ig_frontend/ig_frontend.helper.php).

This is bad stuff, because it starts to reveal some of the internal structure of their database: table names, column names, the queries being run and the file system layout of the application. Personally I feel it is incumbent upon providers of online services, where users create and store data, to be really fixated on security and to avoid easily-avoidable weaknesses such as this one, which is simply the result of developers not turning off error display and sending errors to log files instead of the browser. It's fine in a test environment, but not in a production environment.

Not to mention the fact that it looks like some hefty table joins are going on there each time the page is hit - no wonder the database feels like having a rest!
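To make the "log it, don't display it" advice concrete, here is an added PHP example (mine, not code from the post or from Visual.ly's site) showing the development-style settings that produce notices like the ones quoted above next to the production settings, plus an error and exception handler that writes the detail to the log and gives the browser only a generic message. The log path is an assumed placeholder.

```php
<?php
// Added example: keep PHP diagnostics out of the browser and in the log.
// Development-style settings that cause notices and exceptions to be
// printed into the page (shown only for contrast, never for production):
//   ini_set('display_errors', '1');
//   error_reporting(E_ALL);

// Production settings: report everything, display nothing, log everything.
// Put these in php.ini / the server config as well; ini_set() runs too late
// to catch parse and startup errors.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app-errors.log'); // assumed path; keep it outside the web root

// Notices and warnings (e.g. "Undefined property", "Undefined index") become
// log entries; file paths and line numbers never reach the client.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    if (!(error_reporting() & $errno)) {
        return false; // suppressed with @, let PHP ignore it as usual
    }
    error_log(sprintf('[php %d] %s in %s:%d', $errno, $errstr, $errfile, $errline));
    return true; // handled: PHP's default (displaying) handler is not invoked
});

// Uncaught exceptions, such as a PDOException carrying the SQL text, are
// logged in full while the client sees a generic 500 response.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('[exception] %s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo 'Sorry, something went wrong. Please try again later.';
});

// Constructed demonstration of the same kinds of faults seen in the post.
$row = new stdClass();
$pic = $row->picture;                 // undefined property: logged, not displayed
$opts = [];
$size = $opts['size'] ?? 0;           // null coalescing avoids the "Undefined index" notice altogether
throw new RuntimeException('simulated database failure: SELECT ... FROM node'); // generic page, full detail in log
```

Running this from the command line or a browser prints only the generic message; the property notice and the exception text, including the simulated query, appear in the configured log file.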