| From: | Oliver Jowett <oliver(at)opencloud(dot)com> |
|---|---|
| To: | joe user <palehaole(at)yahoo(dot)com> |
| Cc: | Kris Jurka <books(at)ejurka(dot)com>, pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: A JDBC bug or problem relating to string length in Java |
| Date: | 2003-09-02 01:44:15 |
| Message-ID: | 20030902014413.GA18843@opencloud.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Mon, Sep 01, 2003 at 06:30:24PM -0700, joe user wrote:
> Btw, this, and the null-byte problem, could probably
> cause various low-bandwidth DoS attacks against any
> site that uses PG/JDBC. Imagine a typical JDBC use
> like this:
>
> try {
> [ .... ]
> preparedStatement.setString(...);
> db.close();
> }
> catch(SQLException sqe) { [log it...] }
>
> If enough of these multi-byte problems or null
> problems are thrown at the app, it will throw an
> exception in the try block before it can get to the
> db.close() statement, quickly exhausting link
> resources. This is in fact happening on our web
> application right now. It seems that it would be
> possible to bring down a service with at most a few
> hundred requests like this.
>
> Any ideas?
Do the close() in a finally block. It's good practice anyway.
-O
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kris Jurka | 2003-09-02 02:02:08 | Re: A JDBC bug or problem relating to string length in Java |
| Previous Message | joe user | 2003-09-02 01:30:24 | Re: A JDBC bug or problem relating to string length in Java |