[Systems] [Sugar-devel] trac breakage
Samuel Cantero
scanterog at gmail.com
Mon Mar 14 16:48:10 EDT 2016
On Mon, Mar 14, 2016 at 5:21 PM, James Cameron <quozl at laptop.org> wrote:
> On Mon, Mar 14, 2016 at 08:49:15AM -0300, Samuel Cantero wrote:
> > On Mon, Mar 14, 2016 at 3:39 AM, James Cameron <[1]quozl at laptop.org>
> wrote:
> >
> > On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero wrote:
> > > Regarding to the inability to access the user page, I've checked
> our
> > > current users and I found 97426 users. We had a lot of spam
> > > here. I've checked this by doing:
> > >
> > > sqlite> select count(*) from session;
> > > 97426
> >
> > Perhaps "session" is wrong table. My notes on this are;
> >
> > 0. trac.htdigest file is used to form list shown on manage user
> accounts,
> >
> > 1. passphrase is stored in trac.htdigest file,
> >
> > 2. the last login and authenticated flag are taken from session
> table,
> >
> > select * from session where sid = 'Quozl';
> >
> > 3. name and e-mail are taken from session_attribute table,
> >
> > select * from session_attribute where sid = 'Quozl';
> >
> > We should delete all information inside session and session_attribute
> tables.
> > We don't have any trac.htdigest file. Maybe 'cause we're storing pwd in
> the
> > trac database (SessionStore) [1].
> >
> > The ideal would be to delete users through the trac-admin utility:
> >
> > • List users: trac-admin /project session list
> >
> > I can find here the same users that we find in the session table.
> >
> > • Delete users: trac-admin /project session delete <username1> ...
> > <usernameN>
> >
> > But doing this for ~90.000 users is not viable.
>
> I'm guessing that you mean the unviable step is identifying the users.
>
Yes.
>
> Take the entire set of users, then remove the set of users who have
> created tickets or made comments, then use the set in a script that
> deletes each user.
>
> Eventually it should complete.
>
I can only test this kind of procedure on weekends when I usually have more
time. If you have time, go ahead.
>
> Then use whatever tools are necessary to optimise the table.
>
> >
> > 4. deletion of the users via manage user accounts results in removal
> > from trac.htdigest, removal from session table, removal from
> > session_attribute table.
> >
> > Hope that helps.
> >
> > > [...]
> > > I tried to remove all suspicious users with the trac-admin utility
> > > and directly by database but this is almost imposible.
> >
> > It may require very careful scripting, yes. Last time I looked at
> > that, I made a mistake deleted all users. (3rd March 2014, for
> > [2]dev.laptop.org). It hasn't been a problem since.
> >
> > > I guess we should delete all users and ask them to re-register
> > > again. However, I don't want to proceed before your approval.
> >
> > I'm fine with that. Let's hear from others.
> >
> > --
> > James Cameron
> > [3]http://quozl.netrek.org/
> >
> > [1] [4]https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
> >
> > References:
> >
> > [1] mailto:quozl at laptop.org
> > [2] http://dev.laptop.org/
> > [3] http://quozl.netrek.org/
> > [4] https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
>
> --
> James Cameron
> http://quozl.netrek.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20160314/5469f724/attachment.html>
More information about the Systems
mailing list