[wp-hackers] WordPress Charset SQL Injection Vulnerability

DD32 wordpress at dd32.id.au
Sun Dec 16 08:14:45 GMT 2007


> On Dec 15, 2007 10:10 PM, Jeremy Visser <jeremy.visser at gmail.com> wrote:
>> +1
>>
>> http://digg.com/software/WordPress_com_adds_suspport_for_Digg_buttons
>>
>> The low standard of comments on Digg is beaten only by YouTube. Getting
>> rid of that association can only be a good thing.
>>
>> photomatt:
>>        Our free hosting is on the same grid (hundreds of servers) that
>>        our VIPs are, so whether you're free or VIP your site still
>>        won't ever go down due to increased traffic. When Anousheh
>>        Ansari went to space her blog was on WP.com, and it got Dugg,
>>        Slashdotted, BBCed, Farked, and Yahooed within hours of each
>>        other, it was fine.
>>
>> nreynolds:
>>        @ photomat
>>        I understand that you work for Wordpress, but that's just
>>        ridiculous. The Wordpress database error is the most common
>>        error on Digg, and it happens ALL THE TIME.
>>
>> Makes me want to throw up.

I'd like to say +1 from me too
I'm sick of people blaming WordPress because some moron is using it on a host which cannot handle the amount of traffic being directed at it. Quite often the site is rather responsive too; it's just that MySQL is rejecting connection attempts.

Just to throw a thought out about this quickly:
Currently WP connects to the database as soon as it's loaded, correct? Regardless of whether any queries are going to be made.

This happens before any caching plugins have a chance to take over. Maybe WordPress should delay connecting to the database until a query is actually sent? That way, if a user has an HTML caching plugin installed, it should be able to spit out the page without ever requiring a database connection (that's making the assumption that the caching plugin doesn't require get_option() -- I guess the object cache would be helpful there).

I know it's possible for hosts to be set up to handle WP very well, but the majority of shared hosters have low MySQL connection limits, which is why WordPress gets such a bad rep amongst the Digg crowd (who, honestly, you'd hope would know better than to blame WP for a 3rd-party glitch. Then again, *most* would blame Vista for a hardware driver not working correctly.)

D
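The lazy-connection idea floated in the post above, worked through as an added example in PHP. This is not WordPress code and not the poster's own code: the class and function names, the credentials, the cache directory and the sample query against wp_posts are all hypothetical. The wrapper stores its credentials on construction but only opens the MySQL connection when the first query runs, and the cache front end checks for a fresh cached HTML file before issuing any query, so a cache hit never consumes one of the host's MySQL connections.

```php
<?php
declare(strict_types=1);

/*
 * Added example, not WordPress code: a database wrapper that defers the
 * MySQL connection until the first query, plus an HTML page cache that is
 * consulted before any query is issued. Class/function names, credentials,
 * the cache directory and the wp_posts query are hypothetical.
 */

final class LazyDb
{
    private ?PDO $pdo = null;

    public function __construct(
        private string $dsn,
        private string $user,
        private string $pass,
    ) {
        // Nothing is connected yet; only the DSN and credentials are kept.
    }

    /** Open the connection on first use; later calls reuse it. */
    private function pdo(): PDO
    {
        if ($this->pdo === null) {
            $this->pdo = new PDO($this->dsn, $this->user, $this->pass, [
                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES   => false, // server-side prepares
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            ]);
        }
        return $this->pdo;
    }

    /** Run a parameterised query and return all rows. */
    public function query(string $sql, array $params = []): array
    {
        $stmt = $this->pdo()->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll();
    }

    /** True only once some query has actually forced a connection. */
    public function isConnected(): bool
    {
        return $this->pdo !== null;
    }
}

/** Serve a page from the HTML cache if fresh, otherwise render and cache it. */
function serve_page(string $uri, LazyDb $db, string $cacheDir, int $ttl = 300): string
{
    // Hashing the URI gives a fixed-length file name and keeps request
    // paths out of the filesystem path used for the cache.
    $cacheFile = rtrim($cacheDir, '/') . '/' . sha1($uri) . '.html';

    if (is_file($cacheFile) && (time() - filemtime($cacheFile)) < $ttl) {
        return (string) file_get_contents($cacheFile); // cache hit: no DB connection
    }

    // Cache miss: this is the first point at which MySQL is contacted.
    $rows = $db->query(
        'SELECT post_title FROM wp_posts WHERE post_status = ? ORDER BY post_date DESC LIMIT 10',
        ['publish']
    );

    $html = '<ul>';
    foreach ($rows as $row) {
        $html .= '<li>' . htmlspecialchars($row['post_title'], ENT_QUOTES, 'UTF-8') . '</li>';
    }
    $html .= '</ul>';

    if (!is_dir($cacheDir)) {
        mkdir($cacheDir, 0700, true);
    }
    file_put_contents($cacheFile, $html, LOCK_EX);
    return $html;
}

// Usage (hypothetical DSN and credentials). On a warm cache the request
// completes with $db->isConnected() still false.
$db = new LazyDb('mysql:host=localhost;dbname=wordpress;charset=utf8mb4', 'wp', 'secret');
echo serve_page($_SERVER['REQUEST_URI'] ?? '/', $db, '/tmp/wp-html-cache');
```

The connection charset is fixed in the DSN and prepared statements are not emulated, so the parameter binding happens on the server side once a connection does get opened; the point of the example, though, is that on a cache hit that connection is never opened at all, which is exactly the load the post says shared hosts fall over on.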

