Home > mailing lists

Re: A JDBC bug or problem relating to string length in Java - Mailing list pgsql-jdbc

From	Oliver Jowett
Subject	Re: A JDBC bug or problem relating to string length in Java
Date	September 2, 2003 01:45:00
Msg-id	20030902014413.GA18843@opencloud.com Whole thread Raw
In response to	Re: A JDBC bug or problem relating to string length in Java (joe user <palehaole@yahoo.com>)
Responses	Re: A JDBC bug or problem relating to string length in Java (joe user <palehaole@yahoo.com>)
List	pgsql-jdbc

Tree view

On Mon, Sep 01, 2003 at 06:30:24PM -0700, joe user wrote:

> Btw, this, and the null-byte problem, could probably
> cause various low-bandwidth DoS attacks against any
> site that uses PG/JDBC.  Imagine a typical JDBC use
> like this:
>
>     try {
>         [ .... ]
>         preparedStatement.setString(...);
>         db.close();
>     }
>     catch(SQLException sqe) { [log it...] }
>
> If enough of these multi-byte problems or null
> problems are thrown at the app, it will throw an
> exception in the try block before it can get to the
> db.close() statement, quickly exhausting link
> resources.  This is in fact happening on our web
> application right now.  It seems that it would be
> possible to bring down a service with at most a few
> hundred requests like this.
>
> Any ideas?

Do the close() in a finally block. It's good practice anyway.

-O

pgsql-jdbc by date:

From: joe user
Date: 02 September 2003, 01:30:53
Subject: Re: A JDBC bug or problem relating to string length in Java

From: Kris Jurka
Date: 02 September 2003, 02:01:49
Subject: Re: A JDBC bug or problem relating to string length in Java

Re: A JDBC bug or problem relating to string length in Java - Mailing list pgsql-jdbc

Previous

Next