Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Concurrency hazards with audit-log? #63

Open
pakal opened this issue Jun 3, 2019 · 1 comment
Open

Concurrency hazards with audit-log? #63

pakal opened this issue Jun 3, 2019 · 1 comment

Comments

@pakal
Copy link

pakal commented Jun 3, 2019

I looked at the code, but I couldn't find how it isolated HTTP requests from one another.

It seems that if two requests from two users arrive at the same time, both will setup signal handlers, and receive all modifications (even those made by the other user), using the memory-global "registry" to. If so, this is a serious bug, since audit-log becomes unreliable, stuffing the wrong user into the wrong model instance.

Am I missing something ine the signal dispatching system ? Or does django-audit-log
only work with single-threaded servers?
@douglasortega
Copy link

I can confirm this is an issue for multithreaded servers. We didn't use this package but we had the basically the same logic for user assignment and yes it was a complete nightmare. Millions of records in the database had the wrong user assigned. What triggered the investigation on this issue was when some deleted a user and many critical records in the database got deleted because of the cascade delete we had in place.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pakal @douglasortega