Unexpected SQL queries to Postgres database on Rails/Heroku

灰色年华 2021-02-07 10:47

I was diving into a really long request to one of my Rails applications using NewRelic and found a number of SQL queries that appear entirely foreign that are taking up a signif

4 Answers
  • 2021-02-07 11:13

    Are queries generated from user input in your application? If so, if you don't have controls on user input, then maybe it's an SQL injection from someone trying to hack your app.

    http://en.wikipedia.org/wiki/SQL_injection

    I'm not really familiar with Rails, so I don't know if it has automatically created queries that you as the developer don't know about, but I wouldn't think so.

    0 Discussion (0)
  • 2021-02-07 11:26

    The tables pg_class, pg_attribute, pg_depend etc. all describe tables, columns and dependencies in Postgres. In Rails, model classes are defined by the tables, so Rails reads the tables and columns to figure out the attributes for each model.

    In development mode it looks up these values every time the model is accessed, so if you've made a recent change, Rails knows about it. In production mode, Rails caches this so you would see these much less frequently, and so it really isn't a concern.

    0 Discussion (0)
  • 2021-02-07 11:28

    I was getting these queries when using Apartment Gem for multitenancy with Postgres Schemas. Apparently each excluded_model - a model that uses default schema - was generating one "pg_class" query in every request.

    The guys from Apartment fixed it in version 0.25.0.

    0 Discussion (0)
  • 2021-02-07 11:30

    These queries are used to get the "definition" of your tables and fields and are probably used by the framework you're using to automatically generate models and/or validation rules in Ruby. (E.g. "Introspection")

    I do not have experience with Ruby and the framework you're using, but I don't expect these queries to originate from SQL injection.

    You can run the queries yourself in pgAdmin or psql to show the results they're producing and get an idea what information they get from the database.

    0 Discussion (0)
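One way to sort trace entries like the ones in the question into schema introspection and everything else, as an added example that is not part of the original thread and not Rails or NewRelic code. The catalog allowlist beyond pg_class, pg_attribute and pg_depend, the helper names and the sample statements are assumptions constructed for this example.

```ruby
# Added example: decide whether a logged statement is plain schema introspection.
# Heuristic, not a SQL parser; anything it cannot prove harmless returns false.

# Assumption: catalogs a schema-introspecting framework reads. The page names
# pg_class, pg_attribute and pg_depend; the rest are this example's choice.
INTROSPECTION_CATALOGS = %w[
  pg_class pg_attribute pg_attrdef pg_depend pg_namespace
  pg_type pg_index pg_constraint pg_description
].freeze

FROM_CLAUSE = /\bFROM\s+(.+?)(?=\bWHERE\b|\bGROUP\b|\bORDER\b|\bLIMIT\b|\bUNION\b|\)|\z)/im
SPLIT_RELATIONS = /,|\b(?:LEFT|RIGHT|INNER|OUTER|FULL|CROSS)?\s*JOIN\b/i
NOT_READ_ONLY = /\b(?:INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|GRANT|COPY|INTO)\b/i

# Relation names from every FROM clause: unquoted, lower-cased, schema-stripped.
def relations_in(sql)
  sql.scan(FROM_CLAUSE).flatten.flat_map do |clause|
    clause.split(SPLIT_RELATIONS).map do |part|
      part.strip.split(/\s+/).first.to_s.delete('"').downcase.sub(/\Apg_catalog\./, "")
    end
  end
end

# True only for a single read-only SELECT whose relations are all allowlisted.
def catalog_introspection?(sql)
  stmt = sql.strip.sub(/;\s*\z/, "")
  return false unless stmt.match?(/\ASELECT\b/i)
  return false if stmt.include?(";") || stmt.match?(NOT_READ_ONLY)
  relations = relations_in(stmt)
  !relations.empty? && relations.all? { |r| INTROSPECTION_CATALOGS.include?(r) }
end

# Constructed sample statements, shaped like entries in a slow-transaction trace.
SAMPLES = [
  %q{SELECT a.attname, format_type(a.atttypid, a.atttypmod) FROM pg_attribute a LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum WHERE a.attrelid = '"users"'::regclass AND a.attnum > 0},
  %q{SELECT attr.attname FROM pg_class t, pg_attribute attr, pg_depend dep WHERE t.oid = attr.attrelid AND dep.refobjid = t.oid},
  %q{SELECT "users".* FROM "users" WHERE "users"."id" = 1},  # application table
  %q{SELECT c.relname, u.email FROM pg_class c, users u},    # catalog mixed with app data
  %q{SELECT relname FROM pg_class; SELECT 1},                # more than one statement
  %q{SELECT rolname FROM pg_authid}                          # catalog outside the allowlist
].freeze

# Splits statements into [introspection, everything_else].
def triage(statements)
  statements.partition { |s| catalog_introspection?(s) }
end

introspection, other = triage(SAMPLES)
puts "introspection: #{introspection.size}, needs a look: #{other.size}"
```

Statements in the second group are not necessarily hostile; they are simply the ones the allowlist cannot explain, so they are the ones worth reading by hand.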