[Sugar-devel] [Systems] trac breakage

Samuel Cantero scanterog at gmail.com
Mon Mar 14 07:49:15 EDT 2016


On Mon, Mar 14, 2016 at 3:39 AM, James Cameron <quozl at laptop.org> wrote:

> On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero wrote:
> > Regarding the inability to access the user page, I've checked our
> > current users and I found 97426 users. We had a lot of spam
> > here. I've checked this by doing:
> >
> > sqlite> select count(*) from session;
> > 97426
>
> Perhaps "session" is wrong table.  My notes on this are;
>
> 0. trac.htdigest file is used to form list shown on manage user accounts,
>
> 1. passphrase is stored in trac.htdigest file,
>
> 2. the last login and authenticated flag are taken from session table,
>
>    select * from session where sid = 'Quozl';
>
> 3. name and e-mail are taken from session_attribute table,
>
>    select * from session_attribute where sid = 'Quozl';
>

We should delete all information inside session and session_attribute
tables. We don't have any trac.htdigest file. Maybe 'cause we're storing
pwd in the trac database (SessionStore) [1].

The ideal would be to delete users through the trac-admin utility:

   - List users: trac-admin /project session list

I can find here the same users that we find in the session table.


   - Delete users: trac-admin /project session delete <username1> ... <usernameN>

    But doing this for ~90.000 users is not viable.

> 4. deletion of the users via manage user accounts results in removal
>    from trac.htdigest, removal from session table, removal from
>    session_attribute table.
>
> Hope that helps.
>
> > [...]
> > I tried to remove all suspicious users with the trac-admin utility
> > and directly by database but this is almost impossible.
>
> It may require very careful scripting, yes.  Last time I looked at
> that, I made a mistake and deleted all users.  (3rd March 2014, for
> dev.laptop.org).  It hasn't been a problem since.
>
> > I guess we should delete all users and ask them to re-register
> > again. However, I don't want to proceed before your approval.
>
> I'm fine with that.  Let's hear from others.
>
> --
> James Cameron
> http://quozl.netrek.org/
>

[1] https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
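
An added example, not part of the original message and not Trac's own code: the bulk cleanup discussed in this thread done directly against the SQLite database, with a dry run, a keep-list and one transaction covering both tables. The function names, the sample accounts and the column layout are assumptions (the layout follows Trac's session and session_attribute tables as described above); anonymous sessions (authenticated = 0) are left untouched.

```python
import sqlite3

def purge_sessions(conn, keep=(), dry_run=True):
    """Delete registered (authenticated=1) sessions whose sid is not in `keep`.

    Returns (session_rows, attribute_rows) matched. With dry_run=True nothing
    is changed, so the counts can be reviewed before the real run.
    """
    keep = sorted(set(keep))
    where = "authenticated = 1"
    if keep:
        # Bound parameters only: account names are attacker-chosen strings.
        where += " AND sid NOT IN (%s)" % ",".join("?" * len(keep))
    cur = conn.cursor()
    counts = tuple(
        cur.execute("SELECT count(*) FROM %s WHERE %s" % (table, where), keep).fetchone()[0]
        for table in ("session", "session_attribute"))
    if dry_run:
        return counts
    try:
        # One transaction: attributes (name, e-mail and, assuming SessionStore,
        # the stored password) and session rows go together or not at all.
        cur.execute("DELETE FROM session_attribute WHERE " + where, keep)
        cur.execute("DELETE FROM session WHERE " + where, keep)
        conn.commit()
    except sqlite3.Error:
        conn.rollback()
        raise
    return counts

def sample_db():
    """Constructed in-memory data; column layout assumed from Trac's schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE session (sid TEXT, authenticated INT, last_visit INT);
        CREATE TABLE session_attribute (sid TEXT, authenticated INT, name TEXT, value TEXT);
    """)
    users = [("Quozl", 1), ("spam0001", 1), ("spam0002", 1), ("spam0003", 1), ("a1b2c3", 0)]
    conn.executemany("INSERT INTO session VALUES (?, ?, 0)", users)
    attrs = [(sid, auth, name, "x") for sid, auth in users for name in ("name", "email")]
    attrs.append(("Quozl", 1, "password", "constructed-hash"))
    conn.executemany("INSERT INTO session_attribute VALUES (?, ?, ?, ?)", attrs)
    conn.commit()
    return conn

if __name__ == "__main__":
    db = sample_db()
    print("dry run:", purge_sessions(db, keep=["Quozl"]))
    print("deleted:", purge_sessions(db, keep=["Quozl"], dry_run=False))
```

Run it against a copy of the environment's database first and compare the dry-run counts with the output of `trac-admin /project session list` before deleting anything.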