Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#24777 closed New feature (wontfix)

Add support for statement_timeout

Reported by: Jon Dufresne Owned by: nobody
Component: Database layer (models, ORM) Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Some database servers have support for the max time a SQL statement can execute before it is aborted. In PostgreSQL this is the statement_timeout variable. Other database servers may have similar features available.

I'm suggesting that Django expose a database setting that allows connections to set this variable. This will allow applications to easily set limits on this resource. A bug in an application may unexpectedly produce a long running query. It is often more desirable to kill the request/query than to allow the request to continue consuming resources. A bug of this nature could lead to a DOM vulnerability in an application. Setting statement_timeout could help reduce the harm of such a bug.

PR to follow.

Change History (6)

comment:2 by Aymeric Augustin, 9 years ago

It's usually preferable to define such settings in the database server configuration to avoid the overhead of an extra SQL query on each connection. Did you consider this, and if so, how do you plan to address it? (SET TIME ZONE works similarly and has been the subject of long discussions about not making an extra SQL query when not needed.)

I see that your patch only deals with PostgreSQL. In order to maintain feature-parity between database backends, this option should be added to every backend where it can be implemented.

However, if you're focusing on PostgreSQL, perhaps a more useful generalization would be to support setting arbitrary connection options. I would prefer adding a generic mechanism for setting connection options rather than a special case for one of them that you happen to find useful.

comment:3 by Jon Dufresne, 9 years ago

It's usually preferable to define such settings in the database server configuration to avoid the overhead of an extra SQL query on each connection. Did you consider this, and if so, how do you plan to address it?

I see your point. Motivation for this change came directly from PostgrSQL's documentation which reads: http://www.postgresql.org/docs/current/static/runtime-config-client.html

Setting statement_timeout in postgresql.conf is not recommended because it would affect all sessions.

So I was taking PostgreSQL's advice by avoiding globally setting this and instead only set it for the application that needs it.

I could add to the documentation to recommend setting this as the server level for dedicated database servers.

I see that your patch only deals with PostgreSQL. In order to maintain feature-parity between database backends, this option should be added to every backend where it can be implemented.

Sure I'll look into this. I kind of wanted to float the idea first.

However, if you're focusing on PostgreSQL, perhaps a more useful generalization would be to support setting arbitrary connection options. I would prefer adding a generic mechanism for setting connection options rather than a special case for one of them that you happen to find useful.

That is an interesting idea. I can take look at what this would take.

comment:4 by Anssi Kääriäinen, 9 years ago

Resolution: wontfix
Status: newclosed

On PostgreSQL you can alter the user directly:

ALTER USER django_db_user SET statement_timeout = 10;

There is also connection_created signal which should allow running arbitrary SQL for new connections. So, I don't think there is need for this feature.

comment:5 by Aymeric Augustin, 9 years ago

For the record, there's also the PGOPTIONS environment variable.

comment:6 by ris, 9 years ago

Keep in mind not everybody has admin access to their postgres installation (shared hosting?).

Note: See TracTickets for help on using tickets.
Back to Top