Thanks Kris, I'll do that. It was a funny one to see happening on my server
as you can imagine. The bug could cause some security problems in shared
hosting environments - repeatedly opening connections on the driver until
you got someone else's database etc. The patched version appears to run AOK
on my production server now.
Cheers,
k@rl
-----Original Message-----
From: Kris Jurka [mailto:books@ejurka.com]
Sent: Sunday, 16 November 2003 2:17 p.m.
To: Karl von Randow
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] org.postgresql.Driver not thread-safe
On Sun, 16 Nov 2003, Karl von Randow wrote:
> Hi all,
>
> It seems that org.postgresql.Driver isn't thread safe, as it stores
> details from the connection URL to the connect method in an instance
> variable "props" - and there is no synchronisation. The DriverManager
> (java.sql.DriverManager) returns the same instance of the
> org.postgresql.Driver to each getDriver(String url ) method and
> probably all of the others. Hence the problem with multiple threads
> connecting at the same time, the threads obtain the same Driver
> instance and the connection details from different threads can become
> muddled.
Yes, good catch.
> I've made a simple patch against the REL_7_3_STABLE branch of
> Driver.java.in which removes the use of the instance variable. I'm
> going to test this patch immediately.
In the future when submitting patches please use a context diff (-c) format
and attach it to the email so it avoids line wrapping.
Here is the corresponding patch against cvs tip which should also apply
cleanly to the 7.4 branch.
Kris Jurka
