On Mon, Sep 01, 2003 at 06:30:24PM -0700, joe user wrote:
> Btw, this, and the null-byte problem, could probably
> cause various low-bandwidth DoS attacks against any
> site that uses PG/JDBC. Imagine a typical JDBC use
> like this:
>
> try {
> [ .... ]
> preparedStatement.setString(...);
> db.close();
> }
> catch(SQLException sqe) { [log it...] }
>
> If enough of these multi-byte problems or null
> problems are thrown at the app, it will throw an
> exception in the try block before it can get to the
> db.close() statement, quickly exhausting link
> resources. This is in fact happening on our web
> application right now. It seems that it would be
> possible to bring down a service with at most a few
> hundred requests like this.
>
> Any ideas?
Do the close() in a finally block. It's good practice anyway.
-O