Message-ID: <16012164.1183733404848.JavaMail.jira@brutus>
Date: Fri, 6 Jul 2007 07:50:04 -0700 (PDT)
From: "Daniel John Debrunner (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] Commented: (DERBY-2451) a client can crash connections of another client
In-Reply-To: <14263395.1173887889704.JavaMail.jira@brutus>

    [ https://issues.apache.org/jira/browse/DERBY-2451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510698 ]

Daniel John Debrunner commented on DERBY-2451:
----------------------------------------------

> there is a critical security/data-coherence risk.

I don't think there's any data-coherence risk. The only security risk would be a denial of service attack by one client being able to render other clients' connections unusable.

> a client can crash connections of another client
> ------------------------------------------------
>
>                 Key: DERBY-2451
>                 URL: https://issues.apache.org/jira/browse/DERBY-2451
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server
>    Affects Versions: 10.2.2.0
>            Reporter: quartz
>            Priority: Critical
>
> Using 10.2.2.0.
> Steps to reproduce:
> 1-Start a NetworkServerControl
> 2-Start a 1st client (sqlworkbench/J), show some rows of some db, table X (stay connected)
> 3-Start a 2nd client (sqlworkbench/J), show some rows of some db, table X.
> 4-disconnect 2nd client
> 5-redo the 1st client query (refresh)
> You get a non architected message, sqlstate 58009, db errorcode -4499.
> In derby log, I see a shutdown of the database, and a restart.
> No matter how badly and corrupted a client connection can get, nor if the client connection is
> a bug in any client, such corruption should never destabilise a "server",
> certainly not other clients connections.
> It may be that the client tries to shut down the DB; it shouldn't have such privilege anyway since it
> is a network "client" connection, NOT an embedded connection.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.