Enhancement: Useless hikari SSL warning floods the console
povsister opened this issue ยท 7 comments
Hi
I am running a bungeecord server cluster so I set luckperm's backend data storage to MySQL.
Since I have the MySQL instance running on the same server. Using SSL for data connection is unnecessary.
Unfortunately. the hikari lib which is used by LP to maintain DB connection pool keeps generating lots of useless warnings. Making the console output ugly and difficult to read.
According to the warning message. I think it can be turn of by setting useSSL=false in Initializing the pool when a local DB instance detected.
Please have a look into this issue.
Thanks for your effort.
Screenshot:
Head over to the storage system errors page of the wiki.
It has a section about your issue.
Head over to the storage system errors page of the wiki.
It has a section about your issue.
Many thanks!
But why not have those two options default commented in config.yml ?
It's quiet a common issue when using an external DB storage.
I am considering raising a pull request to do some enhancement.
Because it is insecure. And insecure by default is a bad practice.
Keep in mind it works without the setting. It just prints a warning.
Now if disabling SSL is the default then MySQL servers that do use SSL are being used they are being used insecurely. Because no one (except a very select few people) will ever touch that config unless needed.
As I wrote before.
It just a suggestion which NOT enabled by default.
But it really help people like me save time on searching WiKi for solution.
Also, I agree with you that "insecure by default is a bad practice."
But have you read the code or comment above? It's nonsense having SSL enabled on local database backend.
But have you read the code or comment above? It's nonsense having SSL enabled on local database backend.
But it also isn't bad if you still have it.
When I setup my database did I never receive the SSL warning, even tho it was a locally installed database, so I would say that a normal installation would have this option active by default. Not sure tho.
But have you read the code or comment above? It's nonsense having SSL enabled on local database backend.
Of course I saw that. While I do agree that it doesn't matter I consider it irrelevant concerning whether it should be enabled by default or not.
And the current behavior of trying to use SSL but falling back to no SSL and printing a warning is the right behavior. Even if 99% of people weren't using SSL, because a warning is about a billions times better than a serious vulnerability. If it wouldn't work, then the discussion would be a different story.
It just a suggestion which NOT enabled by default.
That's the part I missed, my apologies. I was just skimming over your post as I was using my phone and was a bit distracted.