Add support for query timeout for datasource and/or globally for an application

Description

Setting a query timeout is considered good practice to prevent DoS attacks, and in general can protect your app from hanging threads when a query does not return. I believe this has been supported in ACF since CF9, and is specified in the datasource settings.

Currently in Lucee, there is no way to specify a query timeout value on a per-datasource level, and is only partially possible on a per-application level. The only thing that comes close would be to add: this.tag.query.timeout = 60; to application.cfc, but this setting is ignored when calling queryExecute().

Ideally, you should be able to do both. One use-case that's interesting for setting it on a per-datasource level is when you setup two separate datasources that point to the same database, each with a different query timeout setting... the DSN with a longer timeout is used for admin/reporting features that have heavier queries, and the other is used for end users.

Here's an article that was written a long time ago, but is still relevant. http://www.carehart.org/blog/client/index.cfm/2010/7/14/hidden_gem_in_cf9_admin_querytimeout

In it, Charlie points out:

Why us this an important development? It's been a long-time issue that if a CFQUERY got hung up waiting for a response, that request thread (doing the CFQUERY) is then hung until the query finishes, which can sometimes be many minutes, or even hours or days, due to some odd situations. More important, a thread waiting for a query with no timeout can't be terminated (by the JVM, or CF, or the monitoring tools) because the thread was in a native thread state.

This is exactly the issue I'm currently experiencing with an mssql datasource. I've get hanging threads that are waiting for a query to finish executing. The requests never timeout even though my application timeout is set to 50 seconds. I'm seeing that some queries get "suspended" and are waiting for a resource to become available, which in some cases never happens. See my bug report here: https://luceeserver.atlassian.net/browse/LDEV-1622

Activity

Brad Wood 29 August 2019 at 17:14

That would be a very simple approach and probably easy to implement since it has a struct of options that basically mirror the cfquery attributes.

JP 29 August 2019 at 17:10

At the very least, queryExecute() needs to respect this.tag.query.timeout global setting in application.cfc

Brad Wood 29 August 2019 at 17:03

Just ran into this again today. A shame it's still not possible.

Brad Wood 21 December 2017 at 18:21

Thanks for adding this ticket @JP

Resize issue view side panel

Details

Assignee

Unassigned

Reporter

Labels

datasourcequery

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Affects versions

5.2.6.29

Priority

New

Created 21 December 2017 at 18:20

Updated 8 May 2020 at 18:11