Re: A JDBC bug or problem relating to string length in Java
От | Oliver Jowett |
---|---|
Тема | Re: A JDBC bug or problem relating to string length in Java |
Дата | |
Msg-id | 20030902014413.GA18843@opencloud.com обсуждение исходный текст |
Ответ на | Re: A JDBC bug or problem relating to string length in Java (joe user <palehaole@yahoo.com>) |
Ответы |
Re: A JDBC bug or problem relating to string length in Java
|
Список | pgsql-jdbc |
On Mon, Sep 01, 2003 at 06:30:24PM -0700, joe user wrote: > Btw, this, and the null-byte problem, could probably > cause various low-bandwidth DoS attacks against any > site that uses PG/JDBC. Imagine a typical JDBC use > like this: > > try { > [ .... ] > preparedStatement.setString(...); > db.close(); > } > catch(SQLException sqe) { [log it...] } > > If enough of these multi-byte problems or null > problems are thrown at the app, it will throw an > exception in the try block before it can get to the > db.close() statement, quickly exhausting link > resources. This is in fact happening on our web > application right now. It seems that it would be > possible to bring down a service with at most a few > hundred requests like this. > > Any ideas? Do the close() in a finally block. It's good practice anyway. -O
В списке pgsql-jdbc по дате отправления: