db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sunitha Kambhampati <ksunitha...@gmail.com>
Subject Re: [jira] Updated: (DERBY-959) Allow use of DRDA QRYDTA block sizes greater than 32K
Date Thu, 15 Jun 2006 21:02:46 GMT
Bryan Pendleton wrote:

>> So I think -- The server max size for blocksize should be 10M because 
>> that is the limit that is allowed by the spec.  From my understanding 
>> of the spec, the server does not get to choose the blocksize for 
>> QRYDTA. It is the client which sends the qryblksz. 
> I agree with your analysis of the spec.
> Are you concerned that this may present any sort of denial-of-service
> opportunity for a malicious client? That is, a poorly-written or
> outright-evil client could establish multiple connections, all requesting
> 10 Mb buffers, and starve the server out of memory?
No. I am not so much concerned about malicious clients. As you say, it 
is pretty unlikely.  Also I think, if needed it is possible to prevent 
malicious clients from connecting to the server by turning on user 
authentication, running with security manager etc. Assumption is 
ofcourse that the "trusted" users are trusted enough to not use 
malicious clients.

But my point was to state that -  irrespective of what a "good" value 
for the client & server is, the server's max query blocksize should be 
10M ( which is per the spec).   Does that sound reasonable to you ?


View raw message