Is it safe to run SQL requests manually?

edgarogh · November 30, 2024, 7:55pm

My version of HedgeDoc is: 1.9.3

Hello, I’ve noticed that my public-facing instance is used by vietnamese bots to promote gambling websites (for SEO?), and I’d like to purge them. Due to the lack of a proper admin console in 1.x, is it safe to run an SQL command to mass-delete the notes I don’t like? Assuming that my SQL request itself is correct and only remove the notes I no longer want, is there a risk I’ll corrupt something internally? Is there a risk of some residual data “leaking” database storage space (i.e. excluding uploads). Are there on delete cascade directives everywhere where it’s relevant?

Thank you

ErikMichelson · November 30, 2024, 11:47pm

Hi @edgarogh and welcome to the HedgeDoc community!

It should be safe to delete the spam notes directly via SQL as long as they are not currently being edited.
Actually, we did exactly the same when we cleaned the old demo instance.

The relevant table is the “Notes” table. The data from the “Revisions” and “Author” table is automatically deleted per cascade. Except the uploads (which are unfortunately not tracked in the db), there should be nothing left in the database.

edgarogh · December 2, 2024, 3:53am

Thank you, I can confirm that this worked without any visible issue!

Have a good week