Re: A JDBC bug or problem relating to string length in Java

On Mon, Sep 01, 2003 at 06:30:24PM -0700, joe user wrote:

> Btw, this, and the null-byte problem, could probably
> cause various low-bandwidth DoS attacks against any
> site that uses PG/JDBC.  Imagine a typical JDBC use
> like this:
>
>     try {
>         [ .... ]
>         preparedStatement.setString(...);
>         db.close();
>     }
>     catch(SQLException sqe) { [log it...] }
>
> If enough of these multi-byte problems or null
> problems are thrown at the app, it will throw an
> exception in the try block before it can get to the
> db.close() statement, quickly exhausting link
> resources.  This is in fact happening on our web
> application right now.  It seems that it would be
> possible to bring down a service with at most a few
> hundred requests like this.
>
> Any ideas?

Do the close() in a finally block. It's good practice anyway.

-O