wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Grigorov <mgrigo...@apache.org>
Subject Re: Google and DevUtils Inspector Page can kill your WebApp
Date Thu, 12 Sep 2019 07:14:42 GMT
Hi Илья,

On Thu, Sep 12, 2019 at 12:04 AM Илья Нарыжный <phantom@ydn.ru> wrote:

> Hello,
>
> This is real-life story. It started a relatively long time ago: our
> demo server from time to time had OurOfMemory condition. It was
> strange because the solution itself is very well "stress volume
> tested". So we were just rebooting demo server after such incidents.
> But it started to happen more frequently and we performed an
> investigation with interesting results which can be used as Best
> Practice and/or one more issue for Wicket.
>
> 1) We have found that most memory-consuming objects where java
> Threads. Specifically for InspectorPage from Wicket devutils.
> 2) Our applications pages don't have memory leakage condition. But
> there is one trick: some of our pages are built dynamically and
> depends on a data model. Sometimes data model might be recurrent, so
> without special treatment - Wicket will render that forever. We have
> this protection on our pages, but that was a main root-cause
> component: InspectorPage during inspecting of our pages for some
> reason doesn't see that actually recurrent elements are cut during
> rendering.
> 3) But how someone gets into InspectorPage? Apparently that was Google
> - it was trying to index our demo site and there is no protection from
> following to InspectorPage in DevUtils panel.
>
> So, some lessons learned items and comments:
> 1) If it's possible - do not deploy DevUtils - use them during actual
> development.
>

Maybe we should improve the documentation but *dev*-utils means that it is
supposed to be used during development cycle.
Same for DEVELOPMENT configuration type!
Please use DEPLOYMENT config type for production!


> 2) It will be good to investigate InspectorPage - why it's trying to
> build structure infinitely disregard of the fact that on real page
> it's actually cut off.
> 3) It might make sense to include such utils and etc into /robots.txt
> to protect from indexing
>

2) and 3) are specific to your application. Only you can investigate more.


> 4) Also, it might make sense to add "nofollow" to a link in DevUtils
> panel which leads to InspectorPage
>

Please send a Pull Request and we will merge it for the next release!
Thanks!


>
> Thanks,
> Ilia
>
> ---------------------------------------------
> Orienteer(http://orienteer.org) - open source Business Application
> Platform
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message