The Drupal watchdog has been bugging me for years now. But today I have just had enough. It is a thing that just begs for a denial of service attack on the database server. It also exposes one of the true weakness of Drupal code design. Putting everything in the database and making it dynamic "magic" impresses to the end user. That is until they get errors because their shared hosting environment can't handle the load. It is also the reason for a significant slow down in page loads for busy web sites. Since this is one of the very first database events it has to be fast so that the rest of the site can load. But if it is slow all the time it uses goes wasted for an event that has no real importance.

This was in the bootstrap.inc of Drupal 4.5 to 5.7 which was pretty idiotic. Though it has been moved into a seperate module in Drupal 6.0 it is still a pain in the ass because it is a weakness in security. Anyone wanting to overload the database would only have to hit a site with millions of events that have to be logged.

If you are running 5.7 or below then your site will not load because MySQL will crap out when the memory limit is reached on trying to do an insert. If you are running 6.0 you might be a bit better off since watchdog is controlled by a module. You can just turn it off. The thing is since there is hook_watchdog other things might start happening and since watchdog is off you can't track them.

You also have to filter a lot of crap that may be stored in the database and comprimise its integrity. The best solution is to move the functionality to a text file. Which is what is happening today in fireOrb development.

Happy Publishing!

Join Hiveminds and link to your website or blog.